Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23990 | 2024-05-17 | N/A | 7.6 HIGH | ||
| Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0. | |||||
| CVE-2023-26540 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | |||||
| CVE-2024-33567 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | |||||
| CVE-2024-32959 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2. | |||||
| CVE-2024-32960 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | |||||
| CVE-2023-33327 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. | |||||
| CVE-2023-6099 | 1 Szjocat | 1 Facial Love Cloud Platform | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2024-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2020-24307 | 1 Mremoteng | 1 Mremoteng | 2024-05-17 | N/A | 7.8 HIGH |
| An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. | |||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 7.2 HIGH | 8.8 HIGH |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | |||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 4.4 MEDIUM | 7.8 HIGH |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | |||||
| CVE-2018-10172 | 1 7-zip | 1 7-zip | 2024-05-17 | 7.2 HIGH | 8.8 HIGH |
| 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows. | |||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-34082 | 2024-05-15 | N/A | 8.5 HIGH | ||
| Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. | |||||
| CVE-2024-30007 | 2024-05-14 | N/A | 8.8 HIGH | ||
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-0096 | 2024-05-14 | N/A | 7.5 HIGH | ||
| NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | |||||
| CVE-2024-0097 | 2024-05-14 | N/A | 7.5 HIGH | ||
| NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | |||||
| CVE-2024-4545 | 2024-05-14 | N/A | 7.7 HIGH | ||
| All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access. | |||||