Total
130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28139 | 2024-12-12 | N/A | 8.8 HIGH | ||
| The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future. | |||||
| CVE-2024-28140 | 2024-12-12 | N/A | 6.1 MEDIUM | ||
| The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output. | |||||
| CVE-2023-42954 | 1 Claris | 2 Claris Pro, Filemaker Server | 2024-12-09 | N/A | 4.9 MEDIUM |
| A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. | |||||
| CVE-2021-38118 | 2024-11-22 | N/A | 5.5 MEDIUM | ||
| Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | |||||
| CVE-2024-38813 | 1 Vmware | 1 Vcenter Server | 2024-11-22 | N/A | 7.5 HIGH |
| The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | |||||
| CVE-2024-52799 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. This only affects the Helm Chart and not the upstream manifests. This vulnerability is fixed in 0.44.0. | |||||
| CVE-2024-9473 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | |||||
| CVE-2024-6913 | 2 Microsoft, Perkinelmer | 2 Windows, Processplus | 2024-11-21 | N/A | 8.8 HIGH |
| Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0. | |||||
| CVE-2024-6834 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in there and allow an attacker to handle the whole communication including user credentials. | |||||
| CVE-2024-5042 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. | |||||
| CVE-2024-3498 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-3330 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitrary code as the account running the Web player process, In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services..This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0 through 14.0.3, from 14.2.0 through 14.3.0; Spotfire for AWS Marketplace: from 14.0 before 14.3.0. | |||||
| CVE-2024-35154 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 7.2 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | |||||
| CVE-2024-34477 | 2024-11-21 | N/A | 7.8 HIGH | ||
| configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file. | |||||
| CVE-2024-32853 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2024-31890 | 2024-11-21 | N/A | 7.8 HIGH | ||
| IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. | |||||
| CVE-2024-27260 | 2024-11-21 | N/A | 8.4 HIGH | ||
| IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | |||||
| CVE-2024-27147 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27146 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27143 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||