Total
239 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21184 | 1 Oracle | 1 Database Server | 2024-11-21 | 7.2 High |
| Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-20435 | 1 Cisco | 1 Secure Web Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | ||||
| CVE-2024-0084 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-11-21 | 7.8 High |
| NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | ||||
| CVE-2024-0073 | 2024-11-21 | 7.8 High | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2023-5207 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.2 High |
| A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | ||||
| CVE-2023-50015 | 2024-11-21 | 8.8 High | ||
| An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. | ||||
| CVE-2023-4814 | 1 Trellix | 1 Data Loss Prevention | 2024-11-21 | 7.1 High |
| A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | ||||
| CVE-2023-4003 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | 7.6 High |
| One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | ||||
| CVE-2023-46360 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | 8.8 High |
| Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | ||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | ||||
| CVE-2023-39261 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | ||||
| CVE-2023-38042 | 2024-11-21 | N/A | ||
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | ||||
| CVE-2023-34118 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-32486 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6.7 Medium |
| Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2023-31175 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | 8.8 High |
| An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | ||||
| CVE-2023-30998 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 7.8 High |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649. | ||||
| CVE-2023-30997 | 1 Ibm | 2 Security Access Manager, Security Verify Access Docker | 2024-11-21 | 7.8 High |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638. | ||||
| CVE-2023-30617 | 1 Openkruise | 1 Kruise | 2024-11-21 | 6.5 Medium |
| Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | ||||
| CVE-2023-2002 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 6.8 Medium |
| A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | ||||
| CVE-2023-27313 | 1 Netapp | 1 Snapcenter | 2024-11-21 | 8.3 High |
| SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | ||||