Total
2122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48171 | 1 Owasp | 1 Defectdojo | 2024-09-18 | 8.8 High |
| An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | ||||
| CVE-2024-45041 | 1 External-secrets | 2 External-secrets, External Secrets Operator | 2024-09-18 | 8.3 High |
| External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2. | ||||
| CVE-2024-39574 | 1 Dell | 2 Insightiq, Powerscale Insightiq | 2024-09-16 | 6.7 Medium |
| Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2024-42036 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | 2.5 Low |
| Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-45058 | 1 Portabilis | 1 I-educar | 2024-09-13 | 8.1 High |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue. | ||||
| CVE-2024-5760 | 3 Hp Inc, Microsoft, Samsung | 3 Samsung Universal Print Driver, Windows, Universal Print Driver | 2024-09-13 | 8.4 High |
| The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018. | ||||
| CVE-2024-4555 | 2 Microfocus, Netiq | 2 Netiq Access Manager, Access Manager | 2024-09-12 | 7.7 High |
| Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | ||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | 4.2 Medium |
| An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | ||||
| CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2024-09-10 | 9.8 Critical |
| An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | ||||
| CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-09-06 | 9.4 Critical |
| Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6. | ||||
| CVE-2024-4428 | 1 Menulux | 2 Management Portal, Managment Portal | 2024-08-30 | 9.8 Critical |
| Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024. | ||||
| CVE-2024-42366 | 1 Vrcx-team | 1 Vrcx | 2024-08-29 | 9.1 Critical |
| VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | ||||
| CVE-2024-42440 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
| Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
| CVE-2024-42441 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
| Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
| CVE-2020-11846 | 2 Microfocus, Opentext | 2 Netiq Privileged Access Manager, Privileged Access Manager | 2024-08-23 | 8.7 High |
| A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. | ||||
| CVE-2023-22576 | 1 Dell | 1 Repository Manager | 2024-08-23 | 7 High |
| Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service. | ||||
| CVE-2024-42774 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
| CVE-2024-43311 | 1 Geek Code Lab | 1 Login As Users | 2024-08-22 | 9.8 Critical |
| Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2. | ||||
| CVE-2024-33656 | 1 Ami | 1 Aptio V | 2024-08-21 | 7.8 High |
| The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | ||||
| CVE-2024-43403 | 1 Kanisterio | 1 Kanister | 2024-08-21 | 8.8 High |
| Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation. | ||||