Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36534 | 2024-11-21 | 8.4 High | ||
| Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-31912 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 7.5 High |
| IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | ||||
| CVE-2024-31760 | 2024-11-21 | 4.7 Medium | ||
| An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. | ||||
| CVE-2024-27460 | 2024-11-21 | 6.7 Medium | ||
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | ||||
| CVE-2024-27453 | 1 Extremenetworks | 1 Extremexos | 2024-11-21 | 8.6 High |
| In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). | ||||
| CVE-2024-27273 | 2024-11-21 | 8.1 High | ||
| IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | ||||
| CVE-2024-23794 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.2 Medium |
| An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the setting 'RequiredLock' of 'AgentFrontend::Ticket::InlineEditing::Property###Watch' in the system configuration.This issue affects OTRS: * 8.0.X * 2023.X * from 2024.X through 2024.4.x | ||||
| CVE-2024-20389 | 2024-11-21 | 7.8 High | ||
| A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. | ||||
| CVE-2024-20320 | 2024-11-21 | 7.8 High | ||
| A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device. | ||||
| CVE-2024-0085 | 6 Canonical, Citrix, Microsoft and 3 more | 7 Ubuntu Linux, Hypervisor, Azure Stack Hci and 4 more | 2024-11-21 | 6.3 Medium |
| NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service. | ||||
| CVE-2023-6815 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-11-21 | 6.5 Medium |
| Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | ||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2024-11-21 | 8.2 High |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | ||||
| CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2024-11-21 | 6.8 Medium |
| A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | ||||
| CVE-2023-5077 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 7.6 High |
| The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | ||||
| CVE-2023-49647 | 2 Microsoft, Zoom | 5 Windows, Meeting Software Development Kit, Video Software Development Kit and 2 more | 2024-11-21 | 8.8 High |
| Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2023-47140 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-21 | 4 Medium |
| IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | ||||
| CVE-2023-3775 | 2 Hashicorp, Redhat | 2 Vault, Openshift | 2024-11-21 | 4.2 Medium |
| A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | ||||
| CVE-2023-3518 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.4 High |
| HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | ||||
| CVE-2023-3300 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.3 Medium |
| HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. | ||||
| CVE-2023-3072 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 4.1 Medium |
| HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | ||||