Filtered by CWE-269
Total 2001 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-4395 2024-08-01 7.8 High
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
CVE-2024-4390 1 Depicter 1 Depicter 2024-08-01 6.5 Medium
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.
CVE-2024-4017 2024-08-01 8.8 High
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
CVE-2024-4018 2024-08-01 8.8 High
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
CVE-2024-3507 2024-08-01 7.7 High
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.
CVE-2024-3470 2024-08-01 5.9 Medium
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-3388 2024-08-01 4.1 Medium
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
CVE-2024-3325 2024-08-01 N/A
Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.
CVE-2024-2859 2024-08-01 6.8 Medium
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
CVE-2024-2228 2024-08-01 7.1 High
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.
CVE-2024-2003 2024-08-01 7.3 High
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
CVE-2024-1575 2024-08-01 6.5 Medium
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
CVE-2024-1442 1 Redhat 2 Acm, Ceph Storage 2024-08-01 6 Medium
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
CVE-2024-0751 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-08-01 8.8 High
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0674 1 Lamassu 4 Douro, Douro Firmware, Douro Ii and 1 more 2024-08-01 6.3 Medium
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.
CVE-2024-0219 1 Progress 1 Telerik Justdecompile 2024-08-01 7.8 High
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
CVE-2024-0082 2024-08-01 8.2 High
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
CVE-2024-0097 2024-08-01 7.5 High
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.
CVE-2024-0096 2024-08-01 7.5 High
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.
CVE-2024-0049 2024-08-01 7.8 High
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.