Filtered by vendor
Subscriptions
Total
5451 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0284 | 1 Cisco | 12 Meraki Mr, Meraki Mr 24 Firmware, Meraki Mr 25 Firmware and 9 more | 2024-11-26 | N/A |
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. | ||||
CVE-2017-9711 | 1 Qualcomm | 46 Mdm9206, Mdm9206 Firmware, Mdm9607 and 43 more | 2024-11-25 | 6.7 Medium |
Certain unprivileged processes are able to perform IOCTL calls. | ||||
CVE-2020-25720 | 1 Redhat | 3 Enterprise Linux, Openshift, Storage | 2024-11-21 | 7.5 High |
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. | ||||
CVE-2019-1594 | 1 Cisco | 12 Nexus 1000v, Nexus 2000, Nexus 3000 and 9 more | 2024-11-21 | N/A |
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). | ||||
CVE-2019-1727 | 1 Cisco | 27 Mds 9000, Mds 9100, Mds 9200 and 24 more | 2024-11-21 | 6.7 Medium |
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. | ||||
CVE-2019-1730 | 1 Cisco | 48 Nexus 3000, Nexus 3100, Nexus 3100-z and 45 more | 2024-11-21 | 6.7 Medium |
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account. | ||||
CVE-2019-1906 | 1 Cisco | 1 Prime Infrastructure | 2024-11-21 | 6.5 Medium |
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. | ||||
CVE-2019-15960 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 5.4 Medium |
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access. | ||||
CVE-2022-48508 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. | ||||
CVE-2024-5465 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.9 Medium |
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.2 Medium |
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-22452 | 2024-11-21 | 7.3 High | ||
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation. | ||||
CVE-2024-21469 | 1 Qualcomm | 450 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 447 more | 2024-11-21 | 7.3 High |
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | ||||
CVE-2024-20361 | 2024-11-21 | 5.8 Medium | ||
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | ||||
CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.4 Medium |
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
CVE-2023-44281 | 1 Dell | 1 Pair | 2024-11-21 | 6.6 Medium |
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | ||||
CVE-2023-42005 | 1 Ibm | 2 Db2, Db2 Warehouse | 2024-11-21 | 7.4 High |
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | ||||
CVE-2023-3599 | 1 Best Fee Management System Project | 1 Best Fee Management System | 2024-11-21 | 6.3 Medium |
A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability. | ||||
CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | ||||
CVE-2023-39394 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. |