Filtered by CWE-269
Filtered by vendor Subscriptions
Total 2021 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44076 1 Microcks 1 Microcks 2024-08-21 9.8 Critical
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.
CVE-2024-33872 1 Keyfactor 1 Command 2024-08-20 9.8 Critical
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
CVE-2024-22069 1 Zte 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more 2024-08-20 7.1 High
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
CVE-2024-43245 1 Eyecix 1 Jobsearch Wp Job Board 2024-08-20 9.8 Critical
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4.
CVE-2024-6359 1 Opentext 1 Arcsight Intelligence 2024-08-19 6.4 Medium
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.
CVE-2024-42995 1 Vtiger 1 Vtiger Crm 2024-08-19 8.3 High
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVE-2024-21807 1 Intel 1 Ethernet Complete Driver Pack 2024-08-16 8.8 High
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22278 1 Linuxfoundation 1 Harbor 2024-08-15 6.4 Medium
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
CVE-2024-41903 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 6.6 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption.
CVE-2024-6758 1 Sprecher-automation 24 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dd6-2 and 21 more 2024-08-13 6.5 Medium
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
CVE-2024-27442 1 Zimbra 1 Collaboration 2024-08-13 7.8 High
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.
CVE-2024-43153 2024-08-13 9.8 Critical
Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.
CVE-2024-43121 1 Realmag777 1 Husky 2024-08-13 9.1 Critical
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
CVE-2024-7525 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-41949 1 Biscuitsec 1 Biscuit-auth 2024-08-09 3 Low
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.
CVE-2024-38770 1 Revmakx 1 Backup And Staging By Wp Time Capsule 2024-08-07 9.8 Critical
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.
CVE-2024-39633 1 Ideabox 1 Powerpack For Beaver Builder 2024-08-07 8.8 High
Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0.
CVE-2024-7291 1 Crocoblock 1 Jetelements 2024-08-07 7.2 High
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.
CVE-2024-38775 2024-08-02 7.2 High
Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6.
CVE-2024-39634 1 Ideabox 1 Powerpack Pro For Elementor 2024-08-02 8.8 High
Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14.