Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13516 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13517 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13518 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13512 | 1 Nzxt | 1 Cam | 2022-09-12 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13513 | 1 Nzxt | 1 Cam | 2022-09-12 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13514 | 1 Nzxt | 1 Cam | 2022-09-12 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13519 | 1 Nzxt | 1 Cam | 2022-09-12 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13515 | 1 Nzxt | 1 Cam | 2022-09-12 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2022-36861 | 1 Google | 1 Android | 2022-09-10 | N/A | 5.3 MEDIUM |
| Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. | |||||
| CVE-2022-24812 | 1 Grafana | 1 Grafana | 2022-09-09 | 6.0 MEDIUM | 8.8 HIGH |
| Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disable fine-grained access control will mitigate the vulnerability. | |||||
| CVE-2022-30298 | 1 Fortinet | 1 Fortisoar | 2022-09-09 | N/A | 7.8 HIGH |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | |||||
| CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2022-09-07 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||||
| CVE-2022-25089 | 1 Kofax | 1 Printix | 2022-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | |||||
| CVE-2021-24158 | 1 Themeisle | 1 Orbit Fox | 2022-08-30 | 3.5 LOW | 6.5 MEDIUM |
| Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. | |||||
| CVE-2021-23265 | 1 Craftercms | 1 Crafter Cms | 2022-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A logged-in and authenticated user with a Reviewer Role may lock a content item. | |||||
| CVE-2007-2444 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 7.2 HIGH | N/A |
| Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | |||||
| CVE-2021-0891 | 1 Google | 1 Android | 2022-08-27 | N/A | 7.5 HIGH |
| An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490 | |||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-08-24 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-36157 | 1 Xuxueli | 1 Xxl-job | 2022-08-23 | N/A | 8.8 HIGH |
| XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | |||||
| CVE-2022-37025 | 1 Mcafee | 1 Security Scan Plus | 2022-08-19 | N/A | 7.8 HIGH |
| An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. | |||||