Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1693 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
| Windows CSC Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-1704 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-10-08 | 7.2 HIGH | 7.3 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-09-27 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2024-46989 | 2024-09-20 | N/A | N/A | ||
| spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. | |||||
| CVE-2022-3369 | 1 Bitdefender | 1 Engines | 2024-09-17 | N/A | 5.5 MEDIUM |
| An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. | |||||
| CVE-2024-4555 | 1 Microfocus | 1 Netiq Access Manager | 2024-09-12 | N/A | 7.5 HIGH |
| Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | |||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-09-09 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2022-4264 | 1 M-files | 1 M-files | 2024-08-28 | N/A | 4.3 MEDIUM |
| Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. | |||||
| CVE-2022-4270 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 2.6 LOW |
| Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | |||||
| CVE-2022-1606 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 4.3 MEDIUM |
| Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | |||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-08-27 | N/A | 7.5 HIGH |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-08-26 | N/A | 7.8 HIGH |
| Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2024-43311 | 2024-08-20 | N/A | N/A | ||
| Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2. | |||||
| CVE-2024-32918 | 1 Google | 1 Android | 2024-08-19 | N/A | 6.1 MEDIUM |
| Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | |||||
| CVE-2024-29052 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-08-15 | N/A | 7.8 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2024-5909 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-08-07 | N/A | 5.5 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | |||||
| CVE-2018-10172 | 1 7-zip | 1 7-zip | 2024-08-05 | 7.2 HIGH | 8.8 HIGH |
| 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows. | |||||
| CVE-2020-24307 | 1 Mremoteng | 1 Mremoteng | 2024-08-04 | N/A | 7.8 HIGH |
| An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. | |||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-08-04 | 7.2 HIGH | 8.8 HIGH |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | |||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-08-04 | 4.4 MEDIUM | 7.8 HIGH |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | |||||