Total
1966 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-34332 | 2024-08-02 | 7.8 High | ||
An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | ||||
CVE-2024-34146 | 2024-08-02 | 6.5 Medium | ||
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | ||||
CVE-2024-34082 | 2024-08-02 | 8.5 High | ||
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. | ||||
CVE-2024-33775 | 2024-08-02 | 9.8 Critical | ||
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | ||||
CVE-2024-33567 | 2024-08-02 | 9.8 Critical | ||
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
CVE-2024-33569 | 1 Connekthq | 1 Instant Images | 2024-08-02 | 7.2 High |
Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. | ||||
CVE-2024-33522 | 2024-08-02 | 6.7 Medium | ||
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | ||||
CVE-2024-33549 | 2024-08-02 | 8.8 High | ||
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10. | ||||
CVE-2024-33552 | 2024-08-02 | 9.8 Critical | ||
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. | ||||
CVE-2024-33550 | 2024-08-02 | 8.8 High | ||
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0. | ||||
CVE-2024-33374 | 1 Lb Link | 1 Bl W1210m | 2024-08-02 | 9.8 Critical |
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. | ||||
CVE-2024-33393 | 1 Spidernet-io | 1 Spiderpool | 2024-08-02 | 6.2 Medium |
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
CVE-2024-33398 | 1 Piraeus Operator | 1 Piraeus Operator | 2024-08-02 | 7.5 High |
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | ||||
CVE-2024-32959 | 2024-08-02 | 8.8 High | ||
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2. | ||||
CVE-2024-32960 | 2024-08-02 | 8.8 High | ||
Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | ||||
CVE-2024-32854 | 1 Dell | 1 Powerscale Onefs | 2024-08-02 | 6.7 Medium |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
CVE-2024-32849 | 1 Trendmicro | 1 Maximum Security | 2024-08-02 | 7.8 High |
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
CVE-2024-29976 | 2024-08-02 | 6.5 Medium | ||
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | ||||
CVE-2024-29975 | 2024-08-02 | 6.7 Medium | ||
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | ||||
CVE-2024-32507 | 2024-08-02 | 8.8 High | ||
Improper Privilege Management vulnerability in Hamid Alinia – idehweb Login with phone number allows Privilege Escalation.This issue affects Login with phone number: from n/a through 1.7.16. |