Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2931 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-11-21 | 7.8 High |
| The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | ||||
| CVE-2008-2271 | 1 Site Documentation Project | 1 Site Documentation | 2024-11-21 | N/A |
| The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | ||||
| CVE-2007-2444 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | N/A |
| Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | ||||
| CVE-2006-4243 | 1 Linux-vserver | 1 Linux-vserver | 2024-11-21 | 9.8 Critical |
| linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | ||||
| CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2024-11-20 | N/A |
| gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | ||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 5.3 Medium |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2024-11-20 | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | ||||
| CVE-2002-0049 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | N/A |
| Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | ||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2024-11-20 | 8.4 High |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | ||||
| CVE-2024-9192 | 1 Pressaholic | 1 Wordpress Video Robot | 2024-11-19 | 8.8 High |
| The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator. | ||||
| CVE-2020-26063 | 1 Cisco | 1 Unified Computing System | 2024-11-18 | 5.4 Medium |
| A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | ||||
| CVE-2024-49558 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2024-11206 | 1 Tecno | 1 Com.transsion.phoenix | 2024-11-15 | 7.5 High |
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | ||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | 8.8 High |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | ||||
| CVE-2024-8424 | 2 Watchgua, Watchguard | 3 Panda Dome Firmware, Epdr Firmware, Panda Ad360 Firmware | 2024-11-08 | 7.8 High |
| Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. | ||||
| CVE-2024-10203 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2024-11-08 | 7 High |
| Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. | ||||
| CVE-2024-8810 | 1 Github | 1 Enterprise Server | 2024-11-08 | N/A |
| A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.7 Medium |
| Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-20374 | 1 Cisco | 1 Firepower Management Center | 2024-10-26 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials. | ||||
| CVE-2024-7890 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||