Search
Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42287 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||
| CVE-2021-42291 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42285 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-41367 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41370 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-36957 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 8.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41366 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||
| CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2023-12-21 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | |||||
| CVE-2022-21902 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2023-41119 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands. | |||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2023-12-08 | N/A | 7.8 HIGH |
| An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. | |||||
| CVE-2023-6218 | 1 Progress | 1 Moveit Transfer | 2023-12-05 | N/A | 7.2 HIGH |
| In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator. | |||||
| CVE-2023-6150 | 1 Eskom | 1 E-belediye | 2023-12-05 | N/A | 7.5 HIGH |
| Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. | |||||
| CVE-2023-6151 | 1 Eskom | 1 E-belediye | 2023-12-05 | N/A | 7.5 HIGH |
| Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. | |||||
| CVE-2023-6119 | 1 Trellix | 1 Getsusp | 2023-11-29 | N/A | 7.8 HIGH |
| An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only. | |||||
| CVE-2023-20563 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2023-11-28 | N/A | 7.8 HIGH |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-20565 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2023-11-28 | N/A | 7.8 HIGH |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41974 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-11-25 | N/A | 7.8 HIGH |
| multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | |||||
| CVE-2020-15862 | 3 Canonical, Net-snmp, Netapp | 6 Ubuntu Linux, Net-snmp, Cloud Backup and 3 more | 2023-11-22 | 7.2 HIGH | 7.8 HIGH |
| Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | |||||
| CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2023-11-20 | N/A | 7.8 HIGH |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | |||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2023-11-20 | N/A | 7.8 HIGH |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | |||||
| CVE-2023-22809 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2023-11-17 | N/A | 7.8 HIGH |
| In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | |||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-09 | N/A | 7.5 HIGH |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | |||||
| CVE-2022-25636 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300e and 10 more | 2023-11-09 | 6.9 MEDIUM | 7.8 HIGH |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||||
| CVE-2023-21269 | 1 Google | 1 Android | 2023-08-24 | N/A | 7.8 HIGH |
| In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-3160 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2023-08-21 | N/A | 7.8 HIGH |
| The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | |||||
| CVE-2023-27558 | 2 Ibm, Microsoft | 2 Db2, Windows | 2023-08-18 | N/A | 7.8 HIGH |
| IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194. | |||||
| CVE-2023-37859 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2023-08-15 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-4009 | 1 Mongodb | 1 Ops Manager Server | 2023-08-14 | N/A | 7.2 HIGH |
| In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | |||||
| CVE-2023-30680 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 7.8 HIGH |
| Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | |||||
| CVE-2023-39520 | 1 Cryptomator | 1 Cryptomator | 2023-08-11 | N/A | 7.8 HIGH |
| Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround. | |||||
| CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-08-08 | N/A | 7.8 HIGH |
| Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2023-4140 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter. | |||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2023-08-08 | N/A | 8.8 HIGH |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | |||||
| CVE-2022-34006 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | |||||
| CVE-2021-31168 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31169 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31969 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-40464 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2023-08-01 | 5.2 MEDIUM | 8.0 HIGH |
| Windows Nearby Sharing Elevation of Privilege Vulnerability | |||||
| CVE-2021-40466 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-40467 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-40477 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-40478 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-41335 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-41345 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||