Total
239 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27312 | 1 Netapp | 1 Snapcenter Plug-in | 2024-11-21 | 5.4 Medium |
| SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | ||||
| CVE-2023-20217 | 1 Cisco | 2 Thousandeyes Enterprise Agent, Thousandeyes Recorder | 2024-11-21 | 5.5 Medium |
| A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. | ||||
| CVE-2023-20210 | 1 Cisco | 32 Broadworks Application Delivery Platform, Broadworks Application Delivery Platform Firmware, Broadworks Application Server and 29 more | 2024-11-21 | 6 Medium |
| A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device. | ||||
| CVE-2023-1943 | 1 Kubernetes | 2 Kops, Operations | 2024-11-21 | 8 High |
| Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | ||||
| CVE-2022-40182 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. | ||||
| CVE-2022-32535 | 1 Bosch | 2 Pra-es8p2s, Pra-es8p2s Firmware | 2024-11-21 | 4.8 Medium |
| The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch. | ||||
| CVE-2022-31676 | 7 Debian, Fedoraproject, Linux and 4 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-11-21 | 7.8 High |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | ||||
| CVE-2022-30695 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 7.8 High |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | ||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2024-11-21 | 7.8 High |
| An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | ||||
| CVE-2022-24113 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 7.8 High |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | ||||
| CVE-2022-20676 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 5.1 Medium |
| A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. | ||||
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.8 High |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | ||||
| CVE-2022-0071 | 1 Hotdog Project | 1 Hotdog | 2024-11-21 | 8.8 High |
| Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked. | ||||
| CVE-2022-0070 | 2 Amazon, Linux | 2 Log4jhotpatch, Linux Kernel | 2024-11-21 | 8.8 High |
| Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. | ||||
| CVE-2021-41035 | 2 Eclipse, Redhat | 3 Openj9, Enterprise Linux, Rhel Extras | 2024-11-21 | 9.8 Critical |
| In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | ||||
| CVE-2021-3576 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2024-11-21 | 7.8 High |
| Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | ||||
| CVE-2021-3101 | 1 Hotdog Project | 1 Hotdog | 2024-11-21 | 8.8 High |
| Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container. | ||||
| CVE-2021-3100 | 2 Amazon, Linux | 2 Log4jhotpatch, Linux Kernel | 2024-11-21 | 8.8 High |
| The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | ||||
| CVE-2021-37174 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access. | ||||
| CVE-2021-36339 | 1 Dell | 7 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 4 more | 2024-11-21 | 7.8 High |
| The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. | ||||