Vulnerabilities (CVE)

Filtered by CWE-269
Total 2189 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-26169 2024-04-11 N/A 7.8 HIGH
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2022-40297 1 Ubports 1 Ubuntu Touch 2024-04-11 N/A 7.8 HIGH
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.
CVE-2021-28250 1 Ca 1 Ehealth Performance Manager 2024-04-11 4.6 MEDIUM 7.8 HIGH
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-26594 1 Rangerstudio 1 Directus 2024-04-11 6.5 MEDIUM 8.8 HIGH
In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-25651 1 Avaya 1 Aura Utility Services 2024-04-11 4.6 MEDIUM 7.8 HIGH
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services
CVE-2021-25650 1 Avaya 1 Aura Utility Services 2024-04-11 4.6 MEDIUM 8.8 HIGH
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services
CVE-2020-24307 1 Mremoteng 1 Mremoteng 2024-04-11 N/A 7.8 HIGH
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
CVE-2020-18171 2 Microsoft, Techsmith 2 Windows, Snagit 2024-04-11 7.2 HIGH 8.8 HIGH
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details
CVE-2020-18169 2 Microsoft, Techsmith 2 Windows, Snagit 2024-04-11 4.4 MEDIUM 7.8 HIGH
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details
CVE-2024-3388 2024-04-10 N/A 4.1 MEDIUM
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
CVE-2024-29052 2024-04-10 N/A 7.8 HIGH
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-28904 2024-04-10 N/A 7.8 HIGH
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-21324 2024-04-10 N/A 7.2 HIGH
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-27247 2024-04-10 N/A 5.5 MEDIUM
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-28905 2024-04-10 N/A 7.8 HIGH
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-24694 2024-04-10 N/A 5.9 MEDIUM
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-32713 1 Splunk 1 Splunk App For Stream 2024-04-10 N/A 9.9 CRITICAL
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
CVE-2024-0082 2024-04-09 N/A 8.2 HIGH
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
CVE-2023-52716 2024-04-08 N/A N/A
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52543 2024-04-08 N/A N/A
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.