Total: 1727 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-05-17 | 4.6 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2020-24307 | 1 Mremoteng | 1 Mremoteng | 2024-05-17 | N/A | 7.8 HIGH |
| An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. | |||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 7.2 HIGH | 8.8 HIGH |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | |||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 4.4 MEDIUM | 7.8 HIGH |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | |||||
| CVE-2018-10172 | 1 7-zip | 1 7-zip | 2024-05-17 | 7.2 HIGH | 8.8 HIGH |
| 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows. | |||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-34082 | | | 2024-05-15 | N/A | 8.5 HIGH |
| Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. | |||||
| CVE-2024-30007 | | | 2024-05-14 | N/A | 8.8 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-0096 | | | 2024-05-14 | N/A | 7.5 HIGH |
| NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | |||||
| CVE-2024-0097 | | | 2024-05-14 | N/A | 7.5 HIGH |
| NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | |||||
| CVE-2024-4545 | | | 2024-05-14 | N/A | 7.7 HIGH |
| All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access. | |||||
| CVE-2024-3507 | | | 2024-05-09 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | |||||
| CVE-2023-6507 | 1 Python | 1 Python | 2024-05-07 | N/A | 4.9 MEDIUM |
| An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | |||||
| CVE-2024-20021 | | | 2024-05-06 | N/A | N/A |
| In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | |||||
| CVE-2023-7241 | | | 2024-05-01 | N/A | 7.9 HIGH |
| Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows 64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files. | |||||
| CVE-2024-23457 | | | 2024-05-01 | N/A | 7.8 HIGH |
| The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209 | |||||
| CVE-2024-23537 | | | 2024-05-01 | N/A | 8.4 HIGH |
| Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | |||||
| CVE-2024-33522 | | | 2024-04-30 | N/A | 6.7 MEDIUM |
| In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | |||||
| CVE-2024-29052 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-04-26 | N/A | 7.8 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
