Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-07-30 | 4.6 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2024-07-25 | 4.6 MEDIUM | 7.8 HIGH |
| Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | |||||
| CVE-2024-41666 | 2024-07-25 | N/A | 4.7 MEDIUM | ||
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. | |||||
| CVE-2024-1575 | 2024-07-24 | N/A | 6.5 MEDIUM | ||
| The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | |||||
| CVE-2020-11640 | 2024-07-24 | N/A | 8.8 HIGH | ||
| AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. | |||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-07-23 | N/A | 7.8 HIGH |
| Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-07-23 | N/A | 7.8 HIGH |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2024-34457 | 2024-07-22 | N/A | N/A | ||
| On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | |||||
| CVE-2024-6908 | 2024-07-22 | N/A | N/A | ||
| Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. | |||||
| CVE-2024-5759 | 1 Tenable | 1 Security Center | 2024-07-19 | N/A | 6.3 MEDIUM |
| An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | |||||
| CVE-2024-30473 | 2024-07-19 | N/A | 4.9 MEDIUM | ||
| Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | |||||
| CVE-2023-40223 | 2024-07-19 | N/A | 4.4 MEDIUM | ||
| Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor. | |||||
| CVE-2023-4976 | 2024-07-18 | N/A | N/A | ||
| A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. | |||||
| CVE-2024-4390 | 1 Depicter | 1 Depicter | 2024-07-17 | N/A | 6.5 MEDIUM |
| The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | |||||
| CVE-2024-5566 | 2024-07-17 | N/A | 5.8 MEDIUM | ||
| An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. | |||||
| CVE-2024-6325 | 2024-07-16 | N/A | N/A | ||
| The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | |||||
| CVE-2024-6326 | 2024-07-16 | N/A | N/A | ||
| An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | |||||
| CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-16 | N/A | 5.5 MEDIUM |
| Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-16 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-39819 | 2024-07-16 | N/A | 6.7 MEDIUM | ||
| Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. | |||||