ReportizFlow
Filtered by vendor
Subscriptions
Total
2680 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1563 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! before 2.5.3 allows Admin Account Creation. | ||||
| CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-11-21 | 5.3 Medium |
| A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | ||||
| CVE-2011-4954 | 1 Cobblerd | 1 Cobbler | 2024-11-21 | 7.8 High |
| cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | ||||
| CVE-2011-3349 | 1 Lightdm Project | 1 Lightdm | 2024-11-21 | 7.8 High |
| lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | ||||
| CVE-2011-2910 | 2 Debian, Linux-ax25 | 2 Debian Linux, Ax25-tools | 2024-11-21 | 6.7 Medium |
| The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | ||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 8.8 High |
| In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | ||||
| CVE-2006-4243 | 1 Linux-vserver | 1 Linux-vserver | 2024-11-21 | 9.8 Critical |
| linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | ||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2024-49558 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | 8.8 High |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | ||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.7 Medium |
| Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-7890 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2024-9471 | 1 Paloaltonetworks | 1 Pan-os | 2024-10-18 | 4.7 Medium |
| A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. | ||||
| CVE-2024-45373 | 1 Doverfuelingsolutions | 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more | 2024-10-01 | 8.8 High |
| Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | ||||
| CVE-2024-8263 | 1 Github | 1 Enterprise Server | 2024-09-30 | 2.7 Low |
| An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-0003 | 1 Purestorage | 2 Flasharray, Purity\/\/fa | 2024-09-27 | 9.1 Critical |
| A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | ||||
| CVE-2024-45752 | 1 Pixlone | 1 Logiops | 2024-09-25 | 8.5 High |
| logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. | ||||
| CVE-2024-47000 | 1 Zitadel | 1 Zitadel | 2024-09-24 | 8.1 High |
| Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password. | ||||
| CVE-2024-46999 | 1 Zitadel | 1 Zitadel | 2024-09-24 | 7.3 High |
| Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide any information about the state. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly remove the user grants to make sure the user does not get access anymore. | ||||
| CVE-2024-8533 | 1 Rockwellautomation | 6 2800c Optixpanel Compact, 2800c Optixpanel Compact Firmware, 2800s Optixpanel Standard and 3 more | 2024-09-19 | 8.8 High |
| A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | ||||