Total
2200 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-04-11 | 4.6 MEDIUM | 8.8 HIGH |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
CVE-2020-24307 | 1 Mremoteng | 1 Mremoteng | 2024-04-11 | N/A | 7.8 HIGH |
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. | |||||
CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-04-11 | 7.2 HIGH | 8.8 HIGH |
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | |||||
CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-04-11 | 4.4 MEDIUM | 7.8 HIGH |
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | |||||
CVE-2024-3388 | | | 2024-04-10 | N/A | 4.1 MEDIUM |
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | |||||
CVE-2024-28904 | | | 2024-04-10 | N/A | 7.8 HIGH |
Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
CVE-2024-21324 | | | 2024-04-10 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-27247 | | | 2024-04-10 | N/A | 5.5 MEDIUM |
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
CVE-2024-28905 | | | 2024-04-10 | N/A | 7.8 HIGH |
Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
CVE-2024-24694 | | | 2024-04-10 | N/A | 5.9 MEDIUM |
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
CVE-2023-32713 | 1 Splunk | 1 Splunk App For Stream | 2024-04-10 | N/A | 9.9 CRITICAL |
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | |||||
CVE-2024-0082 | | | 2024-04-09 | N/A | 8.2 HIGH |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering | |||||
CVE-2023-52716 | | | 2024-04-08 | N/A | N/A |
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2023-52543 | | | 2024-04-08 | N/A | N/A |
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2023-6522 | | | 2024-04-05 | N/A | 7.2 HIGH |
Improper Privilege Management vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | |||||
CVE-2024-20282 | | | 2024-04-03 | N/A | 6.0 MEDIUM |
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device. | |||||
CVE-2024-2005 | | | 2024-04-03 | N/A | 9.0 CRITICAL |
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal. | |||||
CVE-2024-0172 | | | 2024-04-03 | N/A | 7.9 HIGH |
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | |||||
CVE-2023-47715 | 1 Ibm | 1 Storage Protect Plus | 2024-04-03 | N/A | 4.3 MEDIUM |
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. | |||||
CVE-2024-3137 | | | 2024-04-02 | N/A | 7.1 HIGH |
Improper Privilege Management in uvdesk/community-skeleton |