Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13188 | 2025-01-08 | 5.3 Medium | ||
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-43902 | 1 Emsigner | 1 Emsigner | 2025-01-08 | 9.8 Critical |
| Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | ||||
| CVE-2022-4569 | 1 Lenovo | 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware | 2025-01-08 | 7.8 High |
| A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | ||||
| CVE-2022-41572 | 2025-01-08 | 9.8 Critical | ||
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | ||||
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2025-01-07 | 8.8 High |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | ||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | ||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | 7.8 High |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | ||||
| CVE-2021-27285 | 2025-01-07 | 8.4 High | ||
| An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. | ||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-01-07 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | ||||
| CVE-2023-2530 | 1 Puppet | 1 Puppet Enterprise | 2025-01-07 | 9.8 Critical |
| A privilege escalation allowing remote code execution was discovered in the orchestration service. | ||||
| CVE-2023-33282 | 1 Marvalglobal | 1 Msm | 2025-01-07 | 9.1 Critical |
| Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application. | ||||
| CVE-2023-31116 | 1 Samsung | 4 Exynos 5123, Exynos 5123 Firmware, Exynos 5300 and 1 more | 2025-01-07 | 9.8 Critical |
| An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application. | ||||
| CVE-2023-28739 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-44224 | 1 Apple | 1 Macos | 2025-01-07 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-52926 | 1 Delinea Privilege Manager | 1 Delinea Privilege Manager | 2025-01-06 | 6.5 Medium |
| Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. | ||||
| CVE-2024-45494 | 2025-01-06 | 9.8 Critical | ||
| An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions. | ||||
| CVE-2023-32221 | 1 Easeus | 1 Todo Backup | 2025-01-04 | 8.8 High |
| EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation. | ||||
| CVE-2024-53841 | 2025-01-03 | 7.8 High | ||
| In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53840 | 2025-01-03 | 7.8 High | ||
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53835 | 2025-01-03 | 7.8 High | ||
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||