Total
2001 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-4395 | 2024-08-01 | 7.8 High | ||
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | ||||
CVE-2024-4390 | 1 Depicter | 1 Depicter | 2024-08-01 | 6.5 Medium |
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | ||||
CVE-2024-4017 | 2024-08-01 | 8.8 High | ||
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
CVE-2024-4018 | 2024-08-01 | 8.8 High | ||
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
CVE-2024-3507 | 2024-08-01 | 7.7 High | ||
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | ||||
CVE-2024-3470 | 2024-08-01 | 5.9 Medium | ||
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
CVE-2024-3388 | 2024-08-01 | 4.1 Medium | ||
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
CVE-2024-3325 | 2024-08-01 | N/A | ||
Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | ||||
CVE-2024-2859 | 2024-08-01 | 6.8 Medium | ||
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
CVE-2024-2228 | 2024-08-01 | 7.1 High | ||
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. | ||||
CVE-2024-2003 | 2024-08-01 | 7.3 High | ||
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. | ||||
CVE-2024-1575 | 2024-08-01 | 6.5 Medium | ||
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | ||||
CVE-2024-1442 | 1 Redhat | 2 Acm, Ceph Storage | 2024-08-01 | 6 Medium |
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. | ||||
CVE-2024-0751 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-01 | 8.8 High |
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
CVE-2024-0674 | 1 Lamassu | 4 Douro, Douro Firmware, Douro Ii and 1 more | 2024-08-01 | 6.3 Medium |
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js. | ||||
CVE-2024-0219 | 1 Progress | 1 Telerik Justdecompile | 2024-08-01 | 7.8 High |
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
CVE-2024-0082 | 2024-08-01 | 8.2 High | ||
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering | ||||
CVE-2024-0097 | 2024-08-01 | 7.5 High | ||
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2024-0096 | 2024-08-01 | 7.5 High | ||
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2024-0049 | 2024-08-01 | 7.8 High | ||
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |