Total
1966 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5214 | 1 Puppet | 1 Bolt | 2024-09-19 | 6.5 Medium |
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | ||||
CVE-2024-45496 | 1 Redhat | 1 Openshift | 2024-09-19 | 9.9 Critical |
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
CVE-2023-44105 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-19 | 9.8 Critical |
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2024-8533 | 1 Rockwellautomation | 6 2800c Optixpanel Compact, 2800c Optixpanel Compact Firmware, 2800s Optixpanel Standard and 3 more | 2024-09-19 | 8.8 High |
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | ||||
CVE-2024-7960 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | 9.1 Critical |
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. | ||||
CVE-2024-8306 | 1 Schneider-electric | 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert | 2024-09-18 | 7.8 High |
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. | ||||
CVE-2013-0643 | 5 Adobe, Apple, Linux and 2 more | 5 Flash Player, Mac Os X, Linux Kernel and 2 more | 2024-09-18 | 8.8 High |
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | ||||
CVE-2023-48171 | 1 Owasp | 1 Defectdojo | 2024-09-18 | 8.8 High |
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | ||||
CVE-2024-46989 | 2024-09-18 | 3.7 Low | ||
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. | ||||
CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2024-09-18 | 5.5 Medium |
It is possible to sideload a compromised DLL during the installation at elevated privilege. | ||||
CVE-2024-45041 | 1 External-secrets | 2 External-secrets, External Secrets Operator | 2024-09-18 | 8.3 High |
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2. | ||||
CVE-2024-42798 | 1 Kashipara | 1 Music Management System | 2024-09-18 | 7.6 High |
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | ||||
CVE-2023-44106 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | 9.8 Critical |
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-43960 | 2 D-link, Dlink | 3 Dph-400se Fru, Dph-400se, Dph-400se Firmware | 2024-09-18 | 8.8 High |
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | ||||
CVE-2023-27316 | 1 Netapp | 1 Snapcenter | 2024-09-18 | 8.8 High |
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | ||||
CVE-2023-6477 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 6.7 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation. | ||||
CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 4.9 Medium |
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | ||||
CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-09-17 | 9.1 Critical |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
CVE-2024-37980 | 1 Microsoft | 1 Sql Server | 2024-09-17 | 8.8 High |
Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
CVE-2024-38014 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-17 | 7.8 High |
Windows Installer Elevation of Privilege Vulnerability |