Total: 1966 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39302 | | | 2024-08-02 | 3.7 Low |
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. | ||||
CVE-2024-39206 | 1 Msp360 | 1 Backup Agent | 2024-08-02 | 7.5 High |
An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key. | ||||
CVE-2024-37927 | | | 2024-08-02 | 9.8 Critical |
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through 4.7.0. | ||||
CVE-2024-37858 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | ||||
CVE-2024-37726 | 1 Micro Star International Co | 1 Msi Center | 2024-08-02 | 6.8 Medium |
Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe. | ||||
CVE-2024-37560 | 1 Iqbalrony | 1 Wp User Switch | 2024-08-02 | 8 High |
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation. This issue affects WP User Switch: from n/a through 1.1.0. | ||||
CVE-2024-37484 | | | 2024-08-02 | 8.8 High |
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97. | ||||
CVE-2024-37364 | 1 Ariane Allegro | 1 Scenario Player | 2024-08-02 | 6.8 Medium |
Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS. | ||||
CVE-2024-37126 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | ||||
CVE-2024-37133 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | ||||
CVE-2024-36586 | 1 Adguard | 1 Adguardhome | 2024-08-02 | 8.8 High |
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | ||||
CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.8 High |
Privilege escalation vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.8 Medium |
Vulnerability of unauthorized screenshot capturing in the WMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-36077 | | | 2024-08-02 | 8.8 High |
Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34). | ||||
CVE-2024-36056 | | | 2024-08-02 | 5.4 Medium |
Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation. | ||||
CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2024-08-02 | 9.8 Critical |
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8. | ||||
CVE-2024-35430 | | | 2024-08-02 | 8.1 High |
In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application. | ||||
CVE-2024-34725 | | | 2024-08-02 | 7.4 High |
In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-34517 | | | 2024-08-02 | 9.8 Critical |
The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE | ||||
CVE-2024-34454 | | | 2024-08-02 | 7.4 High |
Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name). |