Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37025 | 1 Intel Advanced Link Analyzer Standard Edition Software Installer | 1 Intel Advanced Link Analyzer Standard Edition Software Installer | 2024-11-15 | 6.7 Medium |
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-36426 | 1 Targit | 1 Decision Suite 23.2.15007.0 | 2024-09-27 | 7.5 High |
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. | ||||
CVE-2023-4665 | 1 Saphira | 1 Connect | 2024-09-25 | 8.8 High |
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | ||||
CVE-2023-3915 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 6.5 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. | ||||
CVE-2020-8025 | 1 Suse | 3 Linux Enterprise High Performance Computing, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2024-09-16 | 6.1 Medium |
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. | ||||
CVE-2017-8441 | 1 Elastic | 1 X-pack | 2024-08-05 | N/A |
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. | ||||
CVE-2022-21699 | 3 Debian, Fedoraproject, Ipython | 3 Debian Linux, Fedora, Ipython | 2024-08-03 | 8.2 High |
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. | ||||
CVE-2023-50914 | 2024-08-02 | 6.7 Medium | ||
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe. | ||||
CVE-2023-4383 | 1 Escanav | 1 Escan Anti-virus | 2024-08-02 | 7.8 High |
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-37734 | 1 Openemr | 1 Openemr | 2024-08-02 | 9.8 Critical |
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter. |
Page 1 of 1.