Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32853 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 4.4 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2024-31890 | 1 Ibm | 1 I | 2024-11-21 | 7.8 High |
| IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. | ||||
| CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.4 High |
| IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | ||||
| CVE-2024-27110 | 2024-11-21 | 8.4 High | ||
| Elevation of privilege vulnerability in GE HealthCare EchoPAC products | ||||
| CVE-2024-25421 | 2024-11-21 | 9.8 Critical | ||
| An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. | ||||
| CVE-2024-24245 | 2024-11-21 | 7.8 High | ||
| An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | ||||
| CVE-2024-23743 | 2 Apple, Notion | 2 Macos, Notion | 2024-11-21 | 3.3 Low |
| Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." | ||||
| CVE-2024-23299 | 1 Apple | 1 Macos | 2024-11-21 | 8.6 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-21184 | 1 Oracle | 1 Database Server | 2024-11-21 | 7.2 High |
| Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-20435 | 1 Cisco | 1 Secure Web Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | ||||
| CVE-2024-0084 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-11-21 | 7.8 High |
| NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | ||||
| CVE-2024-0073 | 2024-11-21 | 7.8 High | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2023-5207 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.2 High |
| A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | ||||
| CVE-2023-50015 | 2024-11-21 | 8.8 High | ||
| An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. | ||||
| CVE-2023-4814 | 1 Trellix | 1 Data Loss Prevention | 2024-11-21 | 7.1 High |
| A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | ||||
| CVE-2023-4003 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | 7.6 High |
| One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | ||||
| CVE-2023-46360 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | 8.8 High |
| Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | ||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | ||||
| CVE-2023-39261 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | ||||
| CVE-2023-38042 | 2024-11-21 | N/A | ||
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | ||||