Total: 2009 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6908 | | | 2024-08-01 | N/A |
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. | ||||
CVE-1999-0084 | 1 Sun | 1 Nfs | 2024-08-01 | 8.4 High |
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | ||||
CVE-2024-6286 | | | 2024-08-01 | N/A |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
CVE-2024-6240 | 1 Parallels | 1 Parallels Desktop | 2024-08-01 | 7.7 High |
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system. | ||||
CVE-2024-6151 | | | 2024-08-01 | N/A |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | ||||
CVE-2024-5759 | 1 Tenable | 1 Security Center | 2024-08-01 | 5.4 Medium |
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | ||||
CVE-2024-5525 | | | 2024-08-01 | 8.3 High |
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions. | ||||
CVE-2024-4545 | | | 2024-08-01 | 7.7 High |
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access. | ||||
CVE-2024-4395 | | | 2024-08-01 | 7.8 High |
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | ||||
CVE-2024-4390 | 1 Depicter | 1 Depicter | 2024-08-01 | 6.5 Medium |
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | ||||
CVE-2024-4017 | | | 2024-08-01 | 8.8 High |
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
CVE-2024-4018 | | | 2024-08-01 | 8.8 High |
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
CVE-2024-3507 | | | 2024-08-01 | 7.7 High |
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | ||||
CVE-2024-3470 | | | 2024-08-01 | 5.9 Medium |
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
CVE-2024-3388 | | | 2024-08-01 | 4.1 Medium |
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
CVE-2024-3325 | | | 2024-08-01 | N/A |
Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | ||||
CVE-2024-2859 | | | 2024-08-01 | 6.8 Medium |
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
CVE-2024-2228 | | | 2024-08-01 | 7.1 High |
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. | ||||
CVE-2024-2003 | | | 2024-08-01 | 7.3 High |
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. | ||||
CVE-2024-1575 | | | 2024-08-01 | 6.5 Medium |
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. |