Filtered by vendor
Subscriptions
Total
2022 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0436 | 1 Cisco | 1 Webex Teams | 2024-11-26 | 8.7 High |
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability. | ||||
CVE-2018-0437 | 2 Cisco, Microsoft | 3 Umbrella Enterprise Roaming Client, Umbrella Roaming Module, Windows | 2024-11-26 | N/A |
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | ||||
CVE-2018-0438 | 2 Cisco, Microsoft | 2 Umbrella Enterprise Roaming Client, Windows | 2024-11-26 | N/A |
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | ||||
CVE-2024-0353 | 2024-11-25 | 7.8 High | ||
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | ||||
CVE-2023-5408 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-23 | 7.2 High |
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. | ||||
CVE-2024-8068 | 2024-11-22 | N/A | ||
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | ||||
CVE-2024-1442 | 1 Redhat | 2 Acm, Ceph Storage | 2024-11-22 | 6 Medium |
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. | ||||
CVE-2019-1588 | 1 Cisco | 2 Nexus 9000, Nx-os | 2024-11-21 | 4.4 Medium |
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h). | ||||
CVE-2024-8074 | 2024-11-21 | N/A | ||
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024. | ||||
CVE-2024-9479 | 1 Upkeeper Solutions | 1 Upkeeper Instant Privlege Access | 2024-11-21 | N/A |
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | ||||
CVE-2024-9478 | 1 Upkeeper Solutions | 1 Upkeeper Instant Privlege Access | 2024-11-21 | N/A |
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | ||||
CVE-2024-6908 | 2024-11-21 | N/A | ||
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. | ||||
CVE-2024-6326 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-11-21 | 5.5 Medium |
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | ||||
CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2024-11-21 | 6.5 Medium |
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | ||||
CVE-2024-6286 | 2024-11-21 | N/A | ||
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
CVE-2024-6240 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.7 High |
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system. | ||||
CVE-2024-6151 | 2024-11-21 | N/A | ||
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | ||||
CVE-2024-5909 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | 5.5 Medium |
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | ||||
CVE-2024-5907 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2024-11-21 | 7.0 High |
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | ||||
CVE-2024-5759 | 1 Tenable | 1 Security Center | 2024-11-21 | 5.4 Medium |
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges |