Total
1964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5993 | 2024-08-08 | 7.8 High | ||
| A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access. | ||||
| CVE-2023-47782 | 2024-08-08 | 8.8 High | ||
| Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | ||||
| CVE-2024-32906 | 1 Google | 1 Android | 2024-08-08 | 7.8 High |
| In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32899 | 1 Google | 1 Android | 2024-08-08 | 7.0 High |
| In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-08-08 | 5.3 Medium |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2024-08-08 | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | ||||
| CVE-2002-0049 | 1 Microsoft | 1 Exchange Server | 2024-08-08 | N/A |
| Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | ||||
| CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2024-08-08 | N/A |
| gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | ||||
| CVE-2006-4243 | 1 Linux-vserver | 1 Linux-vserver | 2024-08-07 | 9.8 Critical |
| linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | ||||
| CVE-2024-38770 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2024-08-07 | 9.8 Critical |
| Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | ||||
| CVE-2024-39633 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2024-08-07 | 8.8 High |
| Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0. | ||||
| CVE-2024-5907 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-08-07 | 7.0 High |
| A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | ||||
| CVE-2024-5909 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-08-07 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | ||||
| CVE-2024-7291 | 1 Crocoblock | 1 Jetelements | 2024-08-07 | 7.2 High |
| The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites. | ||||
| CVE-2007-2444 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-08-07 | N/A |
| Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | ||||
| CVE-2008-2931 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-08-07 | 7.8 High |
| The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | ||||
| CVE-2008-2271 | 1 Site Documentation Project | 1 Site Documentation | 2024-08-07 | N/A |
| The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | ||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more | 2024-08-07 | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | ||||
| CVE-2009-0080 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-08-07 | N/A |
| The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | ||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-08-07 | 8.8 High |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | ||||