Vulnerabilities (CVE)

Filtered by CWE-269
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-3950 2 Apple, Vmware 4 Macos, Fusion, Horizon Client and 1 more 2022-07-12 7.2 HIGH 7.8 HIGH
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CVE-2021-30152 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2022-07-12 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
CVE-2020-28014 1 Exim 1 Exim 2022-07-12 5.6 MEDIUM 6.1 MEDIUM
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
CVE-2018-14791 1 Emerson 1 Deltav 2022-07-12 4.6 MEDIUM 7.8 HIGH
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.
CVE-2017-20107 2 Microsoft, Shadeyouvpn.com Project 2 Windows, Shadeyouvpn.com 2022-07-11 7.2 HIGH 7.8 HIGH
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to carry out this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 addresses this issue. It is recommended to upgrade the affected component.
CVE-2017-20121 1 Teradici 1 Pcoip Management Console 2022-07-09 7.2 HIGH 7.8 HIGH
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2021-1579 1 Cisco 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller 2022-07-08 9.0 HIGH 8.8 HIGH
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.
CVE-2022-1746 1 Dominionvoting 2 Democracy Suite, Imagecast X 2022-07-06 7.2 HIGH 7.6 HIGH
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.
CVE-2020-7305 1 Mcafee 1 Data Loss Prevention 2022-07-01 4.0 MEDIUM 6.5 MEDIUM
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.
CVE-2020-7281 1 Mcafee 1 Total Protection 2022-07-01 1.9 LOW 6.3 MEDIUM
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
CVE-2022-32535 1 Bosch 2 Pra-es8p2s, Pra-es8p2s Firmware 2022-07-01 10.0 HIGH 9.8 CRITICAL
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
CVE-2022-32536 1 Bosch 2 Pra-es8p2s, Pra-es8p2s Firmware 2022-07-01 9.0 HIGH 8.8 HIGH
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
CVE-2022-31214 1 Firejail Project 1 Firejail 2022-06-29 7.2 HIGH 7.8 HIGH
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
CVE-2022-29218 1 Rubygems 1 Rubygems.org 2022-06-29 5.0 MEDIUM 7.5 HIGH
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue.
CVE-2018-25044 1 Bittorrent 1 Utorrent 2022-06-29 6.8 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVE-2022-2023 1 Trudesk Project 1 Trudesk 2022-06-28 7.5 HIGH 9.8 CRITICAL
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2017-20081 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/reports.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20080 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20079 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20078 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20077 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20076 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20075 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20074 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20072 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20073 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20071 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20070 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20069 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20068 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20028 1 Humhub 1 Humhub 2022-06-27 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 addresses this issue. It is recommended to upgrade the affected component.
CVE-2022-31219 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31218 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31217 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-20819 1 Cisco 1 Identity Services Engine 2022-06-24 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.
CVE-2017-20049 1 Axis 12 M3005, M3005 Firmware, M3007 and 9 more 2022-06-24 10.0 HIGH 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
CVE-2021-40776 3 Adobe, Apple, Microsoft 3 Lightroom, Macos, Windows 2022-06-24 6.6 MEDIUM 6.1 MEDIUM
Adobe Lightroom Classic 10.3 (and earlier) is affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.
CVE-2022-26057 1 Abb 1 Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31216 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-2063 1 Xgenecloud 1 Nocodb 2022-06-22 6.8 MEDIUM 8.8 HIGH
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-32272 1 Opswat 1 Metadefender 2022-06-21 7.5 HIGH 9.8 CRITICAL
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVE-2022-30610 2 Ibm, Linux 2 Spectrum Copy Data Management, Linux Kernel 2022-06-17 3.5 LOW 4.5 MEDIUM
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.
CVE-2019-25068 1 Axiositalia 1 Registro Elettronico 2022-06-16 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.
CVE-2019-9971 2 3cx, Debian 3 Phone System, Phone System Firmware, Debian Linux 2022-06-14 9.0 HIGH 8.8 HIGH
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.
CVE-2022-22187 1 Juniper 1 Identity Management Service 2022-06-13 7.2 HIGH 7.8 HIGH
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.
CVE-2022-30743 1 Samsung 1 Account 2022-06-11 5.0 MEDIUM 5.3 MEDIUM
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
CVE-2022-30739 1 Samsung 1 Account 2022-06-11 4.0 MEDIUM 4.3 MEDIUM
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission.
CVE-2022-30735 1 Samsung 1 Account 2022-06-11 5.0 MEDIUM 7.5 HIGH
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.
CVE-2022-30736 1 Samsung 1 Account 2022-06-11 5.0 MEDIUM 5.3 MEDIUM
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
CVE-2020-36542 1 Demokratian 1 Demokratian 2022-06-11 7.5 HIGH 9.8 CRITICAL
A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.