Total
2332 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-22145 | 1 Instawp | 1 Instawp Connect | 2025-02-07 | 8.8 High |
Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8. | ||||
CVE-2023-1326 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-02-07 | 7.7 High |
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | ||||
CVE-2023-24509 | 1 Arista | 21 704x3, 7304x, 7304x3 and 18 more | 2025-02-07 | 9.3 Critical |
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability. | ||||
CVE-2024-22068 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-02-07 | 6 Medium |
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. | ||||
CVE-2024-37455 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2025-02-07 | 8.8 High |
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | ||||
CVE-2023-29018 | 1 Linuxfoundation | 1 Openfeature | 2025-02-06 | 8.1 High |
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify. | ||||
CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2025-02-06 | 6.7 Medium |
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | ||||
CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2025-02-05 | 5.5 Medium |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | ||||
CVE-2023-4404 | 1 Wpcharitable | 1 Charitable | 2025-02-05 | 9.8 Critical |
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | ||||
CVE-2023-22645 | 1 Linuxfoundation | 1 Kubewarden-controller | 2025-02-05 | 8 High |
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. | ||||
CVE-2023-28122 | 1 Ui | 1 Desktop | 2025-02-05 | 7.8 High |
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. | ||||
CVE-2023-51479 | 1 Buildapp | 1 Build App Online | 2025-02-05 | 8.8 High |
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | ||||
CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2025-02-05 | 7.8 High |
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | ||||
CVE-2024-11467 | 2025-02-05 | 7.8 High | ||
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. | ||||
CVE-2020-8655 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-02-04 | 7.8 High |
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. | ||||
CVE-2023-2240 | 1 Microweber | 1 Microweber | 2025-02-04 | 8.8 High |
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | ||||
CVE-2023-30622 | 1 Clusternet | 1 Clusternet | 2025-02-04 | 6.6 Medium |
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue. | ||||
CVE-2024-47770 | 2025-02-04 | 4.6 Medium | ||
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-0172 | 1 Dell | 186 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 183 more | 2025-02-04 | 7.9 High |
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||
CVE-2024-30473 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | 4.9 Medium |
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. |