Total
1964 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-08-29 | 6.7 Medium |
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
CVE-2024-42366 | 1 Vrcx-team | 1 Vrcx | 2024-08-29 | 9.1 Critical |
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | ||||
CVE-2024-42440 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2024-42441 | 1 Zoom | 4 Macos Meeting Sdk, Meeting Software Development Kit, Rooms and 1 more | 2024-08-28 | 6.2 Medium |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
CVE-2022-4270 | 1 M-files | 1 M-files Server | 2024-08-28 | 2 Low |
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | ||||
CVE-2022-4264 | 1 M-files | 1 M-files | 2024-08-28 | 6.5 Medium |
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows a low-privilege user to change some configuration. | ||||
CVE-2022-1606 | 1 M-files | 1 M-files Server | 2024-08-28 | 2.4 Low |
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows a user to read unmanaged objects. | ||||
CVE-2024-28851 | | | 2024-08-28 | 4 Medium |
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. Users who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. | ||||
CVE-2020-12615 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-08-28 | 7.8 High |
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. | ||||
CVE-2023-48406 | 1 Google | 1 Android | 2024-08-28 | 6.7 Medium |
There is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-2432 | | | 2024-08-28 | 4.5 Medium |
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | ||||
CVE-2024-36439 | | | 2024-08-28 | 9.4 Critical |
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. | ||||
CVE-2023-47132 | 1 N-able | 1 N-central | 2024-08-27 | 9.8 Critical |
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | ||||
CVE-2024-31498 | | | 2024-08-27 | 8.8 High |
Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. | ||||
CVE-2023-40106 | | | 2024-08-27 | 7.8 High |
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-27 | 7.5 High |
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | ||||
CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-08-27 | 7.5 High |
The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2024-34741 | 1 Google | 1 Android | 2024-08-27 | 7.8 High |
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-20282 | | | 2024-08-27 | 6 Medium |
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device. | ||||
CVE-2024-34743 | 1 Google | 1 Android | 2024-08-27 | 7.8 High |
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |