Total: 39 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-22 | 7.8 High |
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | ||||
CVE-2024-8631 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 Medium |
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles. | ||||
CVE-2024-39866 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 8.8 High |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. | ||||
CVE-2023-44218 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 8.8 High |
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | ||||
CVE-2023-43746 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2024-11-21 | 8.7 High |
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-41966 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2024-11-21 | 6.5 Medium |
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter. | ||||
CVE-2023-32457 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 7.5 High |
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
CVE-2023-2983 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. | ||||
CVE-2023-28049 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | 4.7 Medium |
Dell Command \| Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | ||||
CVE-2023-27895 | 1 Sap | 1 Authenticator | 2024-11-21 | 6.1 Medium |
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently displayed OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify or delete the data. | ||||
CVE-2023-22647 | 1 Suse | 1 Rancher | 2024-11-21 | 9.9 Critical |
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | ||||
CVE-2022-38124 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2024-11-21 | 5.7 Medium |
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | ||||
CVE-2022-21499 | 3 Debian, Oracle, Redhat | 5 Debian Linux, Linux, Enterprise Linux and 2 more | 2024-11-21 | 6.7 Medium |
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-11-21 | 9.1 Critical |
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. | ||||
CVE-2021-44476 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.8 Medium |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | ||||
CVE-2021-40354 | 1 Siemens | 1 Teamcenter Visualization | 2024-11-21 | 7.1 High |
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control, which could lead to an account takeover. Any profile on the application can perform this attack and access any other user's assigned tasks via the "inbox/surrogate tasks". | ||||
CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-11-21 | 8.8 High |
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix for the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. | ||||
CVE-2021-23186 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.7 High |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | ||||
CVE-2021-23166 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.7 High |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | ||||
CVE-2020-7824 | 1 Ericssonlg | 1 Ipecs | 2024-11-21 | 6.5 Medium |
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to gain administrator permission. The vulnerability is due to insecure permissions when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie value sent to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. |