Vulnerabilities (CVE)

Filtered by CWE-250
Total 77 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-35783 2024-11-12 N/A 9.1 CRITICAL
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
CVE-2024-50590 2024-11-08 N/A 7.8 HIGH
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.  Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
CVE-2024-20420 1 Cisco 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more 2024-10-31 N/A 8.8 HIGH
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.
CVE-2024-47903 1 Siemens 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware 2024-10-30 N/A 9.1 CRITICAL
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows to write arbitrary files to the web server's DocumentRoot directory.
CVE-2024-9473 1 Paloaltonetworks 1 Globalprotect 2024-10-17 N/A 7.8 HIGH
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
CVE-2024-43583 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-10-16 N/A 7.8 HIGH
Winlogon Elevation of Privilege Vulnerability
CVE-2024-7041 2024-10-10 N/A 6.5 MEDIUM
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization.
CVE-2024-7387 2024-10-03 N/A 9.1 CRITICAL
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.
CVE-2023-5207 1 Gitlab 1 Gitlab 2024-10-03 N/A 8.8 HIGH
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
CVE-2024-38813 1 Vmware 1 Vcenter Server 2024-10-02 N/A 9.8 CRITICAL
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVE-2024-8903 2024-09-26 N/A 4.7 MEDIUM
Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.
CVE-2024-1222 2024-09-26 N/A 8.6 HIGH
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.
CVE-2023-6006 2 Microsoft, Papercut 3 Windows, Papercut Mf, Papercut Ng 2024-09-26 N/A 6.7 MEDIUM
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Note: This CVE has been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.
CVE-2024-23743 2 Apple, Notion 2 Macos, Notion 2024-09-25 N/A 3.3 LOW
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
CVE-2024-35154 1 Ibm 1 Websphere Application Server 2024-09-20 N/A 7.2 HIGH
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
CVE-2024-8767 2024-09-20 N/A 9.9 CRITICAL
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
CVE-2023-34118 1 Zoom 1 Rooms 2024-09-19 N/A 7.8 HIGH
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2024-5622 1 Br-automation 1 Industrial Automation Aprol 2024-09-13 N/A 7.8 HIGH
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
CVE-2024-5623 1 Br-automation 1 Industrial Automation Aprol 2024-09-13 N/A 7.8 HIGH
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
CVE-2024-6913 2 Microsoft, Perkinelmer 2 Windows, Processplus 2024-09-11 N/A 8.8 HIGH
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0.