Total: 2228 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-22264 | 1 Vmware | 1 Vmware Avi Load Balancer | 2025-03-27 | 7.2 High |
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. | ||||
CVE-2024-21111 | 2 Microsoft, Oracle | 2 Windows, Vm Virtualbox | 2025-03-27 | 7.8 High |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
CVE-2023-42952 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-03-27 | 4.4 Medium |
The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information. | ||||
CVE-2022-37019 | | | 2025-03-27 | 6.8 Medium |
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | ||||
CVE-2022-23455 | 1 Hp | 1 Support Assistant | 2025-03-27 | 7.8 High |
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | ||||
CVE-2021-3809 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | 7.8 High |
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. | ||||
CVE-2021-3808 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | 7.8 High |
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. | ||||
CVE-2021-3439 | 1 Hp | 754 200 G3 All-in-one (rom Family Ssid 8431), 200 G3 All-in-one (rom Family Ssid 8431) Firmware, 200 G3 All-in-one (rom Family Ssid 84de) and 751 more | 2025-03-27 | 7.8 High |
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. | ||||
CVE-2022-1804 | | | 2025-03-27 | 5.5 Medium |
accountsservice no longer drops permissions when writing .pam_environment | ||||
CVE-2024-58104 | | | 2025-03-27 | 7.3 High |
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-21121 | 1 Oracle | 1 Vm Virtualbox | 2025-03-27 | 6.5 Medium |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | ||||
CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2025-03-27 | 8.8 High |
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | ||||
CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 5.9 Medium |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | ||||
CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 7.6 High |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | ||||
CVE-2022-45101 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.3 High |
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. | ||||
CVE-2024-23710 | 1 Google | 1 Android | 2025-03-26 | 7.8 High |
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2022-48019 | 1 Wfs | 1 Another Eden | 2025-03-26 | 7.8 High |
The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allow attackers to perform privilege escalation via a crafted payload. | ||||
CVE-2022-34384 | 1 Dell | 5 Alienware Update, Command Update, Supportassist For Business Pcs and 2 more | 2025-03-26 | 7.8 High |
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command \| Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. | ||||
CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2025-03-26 | 8.4 High |
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | ||||
CVE-2025-2232 | 1 Purethemes | 1 Realteo | 2025-03-25 | 9.8 Critical |
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. |