Total
2236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28122 | 1 Ui | 1 Desktop | 2025-02-05 | 7.8 High |
| A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. | ||||
| CVE-2023-51479 | 1 Buildapp | 1 Build App Online | 2025-02-05 | 8.8 High |
| Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | ||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2025-02-05 | 7.8 High |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | ||||
| CVE-2024-11467 | 2025-02-05 | 7.8 High | ||
| Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. | ||||
| CVE-2020-8655 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-02-04 | 7.8 High |
| An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. | ||||
| CVE-2023-2240 | 1 Microweber | 1 Microweber | 2025-02-04 | 8.8 High |
| Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | ||||
| CVE-2023-30622 | 1 Clusternet | 1 Clusternet | 2025-02-04 | 6.6 Medium |
| Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue. | ||||
| CVE-2024-47770 | 2025-02-04 | 4.6 Medium | ||
| Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-0172 | 1 Dell | 186 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 183 more | 2025-02-04 | 7.9 High |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
| CVE-2024-30473 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | 4.9 Medium |
| Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | ||||
| CVE-2023-25133 | 1 Cyberpower | 1 Powerpanel | 2025-02-04 | 9.1 Critical |
| Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | ||||
| CVE-2023-35674 | 1 Google | 1 Android | 2025-02-04 | 7.8 High |
| In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-12511 | 2025-02-03 | 7.6 High | ||
| With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | ||||
| CVE-2024-52336 | 1 Redhat | 1 Enterprise Linux | 2025-02-03 | 7.8 High |
| A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | ||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2025-02-03 | 5.4 Medium |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-3405 | 3 Acronis, Linux, Microsoft | 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more | 2025-02-03 | 8.8 High |
| Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | ||||
| CVE-2023-26246 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2025-01-31 | 7.8 High |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | ||||
| CVE-2023-26245 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2025-01-31 | 7.8 High |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | ||||
| CVE-2023-26244 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2025-01-31 | 7.8 High |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | ||||
| CVE-2022-1654 | 1 Artbees | 2 Jupiter, Jupiterx | 2025-01-31 | 8.8 High |
| Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions | ||||