Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1642 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||
| CVE-2024-44439 | 2024-10-08 | N/A | 5.9 MEDIUM | ||
| An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | |||||
| CVE-2024-9265 | 1 Coderevolution | 1 Echo Rss Feed Post Generator | 2024-10-07 | N/A | 9.8 CRITICAL |
| The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. | |||||
| CVE-2024-28813 | 2024-10-04 | N/A | 8.4 HIGH | ||
| An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | |||||
| CVE-2024-46549 | 2024-10-04 | N/A | 7.6 HIGH | ||
| An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. | |||||
| CVE-2024-44097 | 2024-10-04 | N/A | 9.8 CRITICAL | ||
| According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server." | |||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2024-10-03 | N/A | 7.5 HIGH |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | |||||
| CVE-2023-32559 | 1 Nodejs | 1 Node.js | 2024-10-03 | N/A | 7.5 HIGH |
| A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | |||||
| CVE-2023-36100 | 1 Macwk | 1 Icecms | 2024-10-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. | |||||
| CVE-2024-45373 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 8.8 HIGH |
| Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | |||||
| CVE-2020-35593 | 1 Bmc | 1 Patrol Agent | 2024-09-30 | N/A | 7.8 HIGH |
| BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. | |||||
| CVE-2024-8263 | 1 Github | 1 Enterprise Server | 2024-09-30 | N/A | 2.7 LOW |
| An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-35674 | 1 Google | 1 Android | 2024-09-30 | N/A | 7.8 HIGH |
| In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2024-09-27 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-09-27 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2024-0003 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 7.2 HIGH |
| A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | |||||
| CVE-2024-6482 | 1 Idehweb | 1 Login With Phone Number | 2024-09-27 | N/A | 8.8 HIGH |
| The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49. | |||||
| CVE-2024-8247 | 1 Tribulant | 1 Newsletters | 2024-09-26 | N/A | 8.8 HIGH |
| The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited. | |||||
| CVE-2023-32426 | 1 Apple | 1 Macos | 2024-09-26 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. | |||||
| CVE-2023-29166 | 1 Apple | 1 Pro Video Formats | 2024-09-26 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | |||||