Total
1964 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43401 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-08-21 | 9.1 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1. | ||||
CVE-2024-44076 | 1 Microcks | 1 Microcks | 2024-08-21 | 9.8 Critical |
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | ||||
CVE-2024-4988 | 2024-08-21 | 7.5 High | ||
The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | ||||
CVE-2024-0172 | 2024-08-20 | 7.9 High | ||
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
CVE-2024-37107 | 1 Wishlistmember | 1 Wishlist Member X | 2024-08-20 | 8.8 High |
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
CVE-2024-0353 | 2024-08-20 | 7.8 High | ||
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | ||||
CVE-2024-33872 | 1 Keyfactor | 1 Command | 2024-08-20 | 9.8 Critical |
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. | ||||
CVE-2024-22069 | 1 Zte | 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more | 2024-08-20 | 7.1 High |
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | ||||
CVE-2024-24981 | 2024-08-20 | 7.5 High | ||
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||
CVE-2024-43245 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-08-20 | 9.8 Critical |
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. | ||||
CVE-2023-38944 | 2024-08-19 | 9.8 Critical | ||
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header. | ||||
CVE-2024-6359 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | 6.4 Medium |
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | ||||
CVE-2024-32918 | 1 Google | 1 Android | 2024-08-19 | 6.1 Medium |
Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | ||||
CVE-2024-42995 | 1 Vtiger | 1 Vtiger Crm | 2024-08-19 | 8.3 High |
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | ||||
CVE-2024-33894 | 2024-08-18 | 8.8 High | ||
Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. | ||||
CVE-2024-37952 | 1 Themeenergy | 1 Book Your Travel | 2024-08-16 | 8.8 High |
Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | ||||
CVE-2024-21807 | 1 Intel | 1 Ethernet Complete Driver Pack | 2024-08-16 | 8.8 High |
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-29052 | 1 Microsoft | 13 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 10 more | 2024-08-15 | 7.8 High |
Windows Storage Elevation of Privilege Vulnerability | ||||
CVE-2024-22017 | 1 Redhat | 1 Enterprise Linux | 2024-08-15 | 7.3 High |
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21. | ||||
CVE-2023-7016 | 2024-08-15 | 7.8 High | ||
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access. |