Total: 21 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-07-15 | N/A | 9.1 CRITICAL | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation.
CVE-2021-44476 | 1 Odoo | 1 Odoo | 2024-07-15 | N/A | 6.8 MEDIUM | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
CVE-2021-23186 | 1 Odoo | 1 Odoo | 2024-07-15 | N/A | 8.7 HIGH | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants in a multi-tenant system.
CVE-2021-23166 | 1 Odoo | 1 Odoo | 2024-07-15 | N/A | 8.7 HIGH | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
CVE-2024-39866 | | | 2024-07-09 | N/A | 8.8 HIGH | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.
CVE-2023-28049 | 1 Dell | 1 Command \| Monitor | 2024-02-13 | N/A | 7.1 HIGH | Dell Command \| Monitor, versions prior to 10.9, contains an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability to perform a privileged arbitrary file delete.
CVE-2019-14865 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Enterprise Linux Eus | 2024-02-06 | 4.9 MEDIUM | 5.5 MEDIUM | A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
CVE-2023-41966 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-11-07 | N/A | 8.8 HIGH | The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter.
CVE-2019-10170 | 1 Redhat | 1 Keycloak | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH | A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
CVE-2019-10169 | 1 Redhat | 1 Keycloak | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH | A flaw was found in Keycloak's user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application.
CVE-2023-43746 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2023-11-02 | N/A | 8.7 HIGH | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions by utilizing the BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-44218 | 1 Sonicwall | 1 Netextender | 2023-10-04 | N/A | 7.8 HIGH | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
CVE-2023-32457 | 1 Dell | 1 Powerscale Onefs | 2023-09-01 | N/A | 8.8 HIGH | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.
CVE-2023-2983 | 1 Pimcore | 1 Pimcore | 2023-06-05 | N/A | 8.8 HIGH | Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
CVE-2023-27895 | 1 Sap | 1 Authenticator | 2023-04-11 | N/A | 6.5 MEDIUM | SAP Authenticator for Android, version 1.3.0, allows the screen to be captured if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the current views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify or delete the data.
CVE-2020-29396 | 2 Odoo, Python | 2 Odoo, Python | 2023-02-02 | 6.5 MEDIUM | 8.8 HIGH | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
CVE-2022-38124 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2022-12-16 | N/A | 6.5 MEDIUM | A debug tool in Secomea SiteManager allows a logged-in administrator to modify system state in an unintended manner.
CVE-2021-40354 | 1 Siemens | 1 Teamcenter Visualization | 2022-08-12 | 5.5 MEDIUM | 7.1 HIGH | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control, which could lead to an account takeover. Any profile on the application can perform this attack and access any other user's assigned tasks via the "inbox/surrogate tasks".
CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2021-12-03 | 6.5 MEDIUM | 8.8 HIGH | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user's credentials, an attacker can view most attributes of all config objects, including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix for the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.
CVE-2020-7824 | 1 Ericssonlg | 1 Ipecs | 2020-08-31 | 4.0 MEDIUM | 6.5 MEDIUM | A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to obtain administrator permission. The vulnerability is due to insecure permissions when handling session cookies. An attacker could exploit this vulnerability by sending a modified cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, including configuration files.