Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2024-55954 | 2025-01-16 | N/A | N/A | ||
| OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an "Admin" user from removing a "Root" user. As a result, an attacker with an "Admin" role can remove critical "Root" users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-9636 | 2025-01-15 | N/A | 9.8 CRITICAL | ||
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. | |||||
| CVE-2022-45853 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2025-01-10 | N/A | 6.7 MEDIUM |
| The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH. | |||||
| CVE-2023-3027 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2025-01-08 | N/A | 7.8 HIGH |
| The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. | |||||
| CVE-2023-38944 | 1 Multilaser | 4 Re160v, Re160v Firmware, Re163v and 1 more | 2025-01-03 | N/A | 9.8 CRITICAL |
| An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header. | |||||
| CVE-2024-12786 | 2024-12-19 | N/A | N/A | ||
| A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. | |||||
| CVE-2024-55949 | 2024-12-16 | N/A | N/A | ||
| MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately. | |||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 7.8 HIGH |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | |||||
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 7.8 HIGH |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | |||||
| CVE-2023-34146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | |||||
| CVE-2023-34147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | |||||
| CVE-2023-34148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | |||||
| CVE-2020-26063 | 2024-11-18 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | |||||
| CVE-2024-9192 | 2024-11-18 | N/A | 8.8 HIGH | ||
| The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator. | |||||
| CVE-2022-21902 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2024-11-14 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-21970 | 1 Microsoft | 1 Edge Chromium | 2024-11-14 | 8.3 HIGH | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-8074 | 2024-11-12 | N/A | N/A | ||
| Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024. | |||||
| CVE-2023-20563 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2024-10-22 | N/A | 7.8 HIGH |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |||||
| CVE-2012-3993 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-10-21 | 9.3 HIGH | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | |||||