Filtered by CWE-269
Total 2009 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-1754 1 Cisco 1 Ios Xe 2024-11-20 8.8 High
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.
CVE-2019-1939 2 Cisco, Microsoft 2 Webex Teams, Windows 2024-11-20 8.8 High
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user.
CVE-2024-9478 1 Upkeeper Solutions 1 Upkeeper Instant Privlege Access 2024-11-20 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.
CVE-2024-9479 1 Upkeeper Solutions 1 Upkeeper Instant Privlege Access 2024-11-20 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.
CVE-2024-31141 2024-11-19 6.5 Medium
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and include ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.
CVE-2021-46894 1 Huawei 2 Emui, Harmonyos 2024-11-19 9.8 Critical
Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.
CVE-2022-48515 1 Huawei 2 Emui, Harmonyos 2024-11-19 7.5 High
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-1733 1 Microsoft 1 Psexec 2024-11-19 7.8 High
Sysinternals PsExec Elevation of Privilege Vulnerability
CVE-2021-1706 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-19 7.3 High
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1681 1 Microsoft 7 Windows 10, Windows 10 1507, Windows 10 1607 and 4 more 2024-11-19 7.8 High
Windows WalletService Elevation of Privilege Vulnerability
CVE-2024-9192 1 Pressaholic 1 Wordpress Video Robot 2024-11-19 8.8 High
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.
CVE-2021-1657 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-19 7.8 High
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1646 1 Microsoft 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more 2024-11-19 6.6 Medium
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-34459 1 Microsoft 15 Windows 10, Windows 10 1507, Windows 10 1607 and 12 more 2024-11-19 7.8 High
Windows AppContainer Elevation Of Privilege Vulnerability
CVE-2020-18171 2 Microsoft, Techsmith 2 Windows, Snagit 2024-11-19 8.8 High
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details.
CVE-2021-36957 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-18 7.8 High
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2021-36973 1 Microsoft 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more 2024-11-18 7.8 High
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2021-38633 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-18 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-42286 1 Microsoft 8 Windows 10, Windows 10 1809, Windows 10 20h2 and 5 more 2024-11-18 7.8 High
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
CVE-2021-42303 1 Microsoft 1 Azure Real Time Operating System 2024-11-18 6.6 Medium
Azure RTOS Elevation of Privilege Vulnerability