Total
2009 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43211 | 1 Microsoft | 1 Windows 10 Update Assistant | 2024-11-18 | 5.5 Medium |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | ||||
| CVE-2020-26063 | 1 Cisco | 1 Unified Computing System | 2024-11-18 | 5.4 Medium |
| A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | ||||
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2024-11-18 | 7.2 High |
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | ||||
| CVE-2024-52516 | 2024-11-18 | 3 Low | ||
| Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | ||||
| CVE-2020-3115 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-11-15 | 8.8 High |
| A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. | ||||
| CVE-2020-3112 | 1 Cisco | 1 Data Center Network Manager | 2024-11-15 | 8.8 High |
| A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. | ||||
| CVE-2024-49558 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2020-3265 | 1 Cisco | 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more | 2024-11-15 | 7.8 High |
| A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | ||||
| CVE-2020-3243 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-15 | 9.8 Critical |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-3250 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-15 | 9.8 Critical |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2024-11206 | 1 Tecno | 1 Com.transsion.phoenix | 2024-11-15 | 7.5 High |
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | ||||
| CVE-2024-8068 | 2024-11-15 | 0 Low | ||
| Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | ||||
| CVE-2022-21970 | 1 Microsoft | 1 Edge Chromium | 2024-11-14 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2022-21902 | 1 Microsoft | 14 Windows 10, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-14 | 7.8 High |
| Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-27558 | 2 Ibm, Microsoft | 3 Db2, Db2 Windows, Windows | 2024-11-14 | 8.4 High |
| IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194. | ||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-14 | 8.3 High |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | ||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | 8.8 High |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | ||||
| CVE-2020-3396 | 1 Cisco | 56 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 53 more | 2024-11-13 | 6.8 Medium |
| A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. | ||||
| CVE-2020-3393 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-11-13 | 6 Medium |
| A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability. | ||||
| CVE-2020-27122 | 1 Cisco | 1 Identity Services Engine | 2024-11-13 | 6.7 Medium |
| A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||