Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2024-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2024-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-08-03 | 4.6 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2022-40297 | 1 Ubports | 1 Ubuntu Touch | 2024-08-03 | N/A | 7.8 HIGH |
| UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated. | |||||
| CVE-2023-38817 | 1 Echo | 1 Anti Cheat Tool | 2024-08-02 | N/A | 7.8 HIGH |
| An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself." | |||||
| CVE-2024-38770 | 2024-08-02 | N/A | N/A | ||
| Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | |||||
| CVE-2024-38775 | 2024-08-02 | N/A | N/A | ||
| Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6. | |||||
| CVE-2024-39633 | 2024-08-02 | N/A | N/A | ||
| Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0. | |||||
| CVE-2023-52209 | 2024-08-02 | N/A | N/A | ||
| Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0. | |||||
| CVE-2024-39634 | 2024-08-02 | N/A | N/A | ||
| Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14. | |||||
| CVE-2020-11640 | 2024-07-24 | N/A | N/A | ||
| AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. | |||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-07-23 | N/A | 7.8 HIGH |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2024-5759 | 1 Tenable | 1 Security Center | 2024-07-19 | N/A | 6.3 MEDIUM |
| An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | |||||
| CVE-2024-4390 | 1 Depicter | 1 Depicter | 2024-07-17 | N/A | 6.5 MEDIUM |
| The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | |||||
| CVE-2024-37560 | 2024-07-12 | N/A | N/A | ||
| Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | |||||
| CVE-2024-37927 | 2024-07-12 | N/A | N/A | ||
| Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0. | |||||
| CVE-2021-41345 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-07-03 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-31954 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-07-03 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 16 Fedora, Podman, Psgo and 13 more | 2024-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | |||||