Total: 1767 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3057 | | | 2024-10-10 | N/A | 9.8 CRITICAL |
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | |||||
CVE-2024-22068 | | | 2024-10-10 | N/A | 6.0 MEDIUM |
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier. | |||||
CVE-2024-7048 | | | 2024-10-10 | N/A | 6.3 MEDIUM |
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. | |||||
CVE-2024-38818 | | | 2024-10-10 | N/A | 6.7 MEDIUM |
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. | |||||
CVE-2023-31062 | 1 Apache | 1 Inlong | 2024-10-09 | N/A | 9.8 CRITICAL |
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | |||||
CVE-2023-21272 | 1 Google | 1 Android | 2024-10-09 | N/A | 7.8 HIGH |
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21269 | 1 Google | 1 Android | 2024-10-09 | N/A | 7.8 HIGH |
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-31469 | 1 Apache | 1 Streampipes | 2024-10-09 | N/A | 8.8 HIGH |
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0. | |||||
CVE-2021-1719 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-10-08 | 6.0 MEDIUM | 8.0 HIGH |
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
CVE-2021-1712 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-10-08 | 6.0 MEDIUM | 8.0 HIGH |
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
CVE-2021-1709 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.2 HIGH | 7.0 HIGH |
Windows Win32k Elevation of Privilege Vulnerability | |||||
CVE-2021-1706 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 9.0 HIGH | 7.3 HIGH |
Windows LUAFV Elevation of Privilege Vulnerability | |||||
CVE-2021-1704 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-10-08 | 7.2 HIGH | 7.3 HIGH |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||
CVE-2021-1703 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
Windows Event Logging Service Elevation of Privilege Vulnerability | |||||
CVE-2021-1702 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | |||||
CVE-2021-1697 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
Windows InstallService Elevation of Privilege Vulnerability | |||||
CVE-2021-1695 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||
CVE-2021-1694 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.5 HIGH | 7.5 HIGH |
Windows Update Stack Elevation of Privilege Vulnerability | |||||
CVE-2021-1693 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-10-08 | 7.2 HIGH | 7.8 HIGH |
Windows CSC Service Elevation of Privilege Vulnerability | |||||
CVE-2021-1690 | 1 Microsoft | 1 Windows 10 | 2024-10-08 | 4.6 MEDIUM | 7.8 HIGH |
Windows WalletService Elevation of Privilege Vulnerability |