Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2616 | 3 Debian, Redhat, Util-linux Project | 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-06-09 | N/A |
| A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. | ||||
| CVE-2025-32801 | 1 Redhat | 1 Enterprise Linux | 2025-05-29 | 7.8 High |
| Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||
| CVE-2024-39866 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-05-01 | 8.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. | ||||
| CVE-2019-14865 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-04-29 | 5.9 Medium |
| A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. | ||||
| CVE-2009-5147 | 2 Redhat, Ruby-lang | 2 Rhel Software Collections, Ruby | 2025-04-20 | N/A |
| DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | ||||
| CVE-2022-38124 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2025-04-18 | 5.7 Medium |
| Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | ||||
| CVE-2025-2903 | 2025-04-17 | N/A | ||
| An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM. | ||||
| CVE-2015-7551 | 3 Apple, Redhat, Ruby-lang | 3 Mac Os X, Rhel Software Collections, Ruby | 2025-04-12 | N/A |
| The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. | ||||
| CVE-2024-55968 | 2025-03-24 | 8.8 High | ||
| An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection. | ||||
| CVE-2024-32901 | 1 Google | 1 Android | 2025-03-24 | 7.8 High |
| In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-27895 | 1 Sap | 1 Authenticator | 2025-02-27 | 6.1 Medium |
| SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data. | ||||
| CVE-2025-23015 | 2025-02-15 | 8.8 High | ||
| Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue. | ||||
| CVE-2021-44476 | 1 Odoo | 1 Odoo | 2025-02-03 | 6.8 Medium |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | ||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | 8.7 High |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | ||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 7.8 High |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | ||||
| CVE-2024-8539 | 4 Apple, Ivanti, Linux and 1 more | 4 Macos, Secure Access Client, Linux Kernel and 1 more | 2025-01-17 | 7.1 High |
| Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | ||||
| CVE-2024-9842 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | 7.3 High |
| Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | ||||
| CVE-2024-7571 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | 7.8 High |
| Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-41966 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2025-01-16 | 6.5 Medium |
| The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter. | ||||
| CVE-2023-2983 | 1 Pimcore | 1 Pimcore | 2025-01-10 | 8.8 High |
| Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. | ||||