Total
1965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5525 | 2024-08-01 | 8.3 High | ||
| Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions. | ||||
| CVE-2024-4545 | 2024-08-01 | 7.7 High | ||
| All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access. | ||||
| CVE-2024-4395 | 2024-08-01 | 7.8 High | ||
| The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | ||||
| CVE-2024-4390 | 1 Depicter | 1 Depicter | 2024-08-01 | 6.5 Medium |
| The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | ||||
| CVE-2024-4017 | 2024-08-01 | 8.8 High | ||
| Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
| CVE-2024-4018 | 2024-08-01 | 8.8 High | ||
| Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3. | ||||
| CVE-2024-3507 | 2024-08-01 | 7.7 High | ||
| Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | ||||
| CVE-2024-3470 | 2024-08-01 | 5.9 Medium | ||
| An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-3388 | 2024-08-01 | 4.1 Medium | ||
| A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
| CVE-2024-3325 | 2024-08-01 | N/A | ||
| Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | ||||
| CVE-2024-2859 | 2024-08-01 | 6.8 Medium | ||
| By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
| CVE-2024-2228 | 2024-08-01 | 7.1 High | ||
| This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. | ||||
| CVE-2024-2003 | 2024-08-01 | 7.3 High | ||
| Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. | ||||
| CVE-2024-1575 | 2024-08-01 | 6.5 Medium | ||
| The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | ||||
| CVE-2024-1442 | 1 Redhat | 1 Ceph Storage | 2024-08-01 | 6 Medium |
| A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. | ||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-08-01 | 7.8 High |
| In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
| CVE-2024-0751 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-01 | 8.8 High |
| A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0674 | 1 Lamassu | 4 Douro, Douro Firmware, Douro Ii and 1 more | 2024-08-01 | 6.3 Medium |
| Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js. | ||||
| CVE-2024-0219 | 1 Progress | 1 Telerik Justdecompile | 2024-08-01 | 7.8 High |
| In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
| CVE-2024-0082 | 2024-08-01 | 8.2 High | ||
| NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering | ||||