CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-9518The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | CVSS 9.8 | Wpuserplus, et al | - | - | |
CVE-2024-9500A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | CVSS 7.2 | Autodesk | - | - | |
CVE-2024-9471A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. | CVSS 4.7 | Paloaltonetworks | - | Patched | |
CVE-2024-9265The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. | CVSS 9.8 | Wordpress, et al | - | - | |
CVE-2024-9192The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-9002CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity, and availability of the workstation when non-admin
authenticated user tries to perform privilege escalation by tampering with the binaries | CVSS 7.8 | Schneider-electric | - | - | |
CVE-2024-8853The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'. | CVSS 9.8 | Wordpress, et al | - | Patched | |
CVE-2024-8810A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS Low | Github | - | - | |
CVE-2024-8533A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | CVSS 8.8 | Rockwellautomation | - | Patched | |
CVE-2024-8424Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.
This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. | CVSS 7.8 | Watchguard | - | - | |
CVE-2024-8306CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity and availability of the workstation when non-admin
authenticated user tries to perform privilege escalation by tampering with the binaries. | CVSS 7.8 | Schneider-electric | - | Patched | |
CVE-2024-8263An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS 2.7 | Github | - | - | |
CVE-2024-8247The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited. | CVSS 8.8 | Wordpress, et al | - | Patched | |
CVE-2024-8246The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators. | CVSS 8.8 | Wordpress, et al | - | Patched | |
CVE-2024-8074Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024. | CVSS 7.1 | - | - | ||
CVE-2024-8068Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | CVSS 0 | Citrix | - | - | |
CVE-2024-7960The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. | CVSS 9.1 | Rockwellautomation | - | Patched | |
CVE-2024-7890Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | CVSS 7.3 | Citrix | - | Patched | |
CVE-2024-7493The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration. | CVSS 9.8 | Wordpress, et al | - | - | |
CVE-2024-7480An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | CVSS 4.4 | Avaya | - | Patched | |
CVE-2024-7473An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3. | CVSS 6.5 | Lunary | Exploit | Patched | |
CVE-2024-7291The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites. | CVSS 7.2 | Wordpress, et al | - | - | |
CVE-2024-7048In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. | CVSS Low | Openwebui | - | - | |
CVE-2024-6908Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. | CVSS Low | Yugabyte | - | - | |
CVE-2024-6758Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments. | CVSS 6.5 | Sprecher-automation | - | Patched | |
CVE-2024-6482The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49. | CVSS 8.8 | Idehweb, et al | - | Patched | |
CVE-2024-6359Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | CVSS 9.8 | Opentext | - | Patched | |
CVE-2024-6326An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | CVSS 5.5 | Rockwellautomation | - | Patched | |
CVE-2024-6325The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | CVSS 6.5 | Rockwellautomation | - | Patched | |
CVE-2024-6286Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | CVSS Low | Citrix | - | - | |
CVE-2024-6240Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system. | CVSS 10 | Parallels | - | - | |
CVE-2024-6151Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | CVSS MEDIUM | - | - | ||
CVE-2024-5909A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | CVSS 5.5 | Paloaltonetworks | - | Patched | |
CVE-2024-5907A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | CVSS 7 | Paloaltonetworks | - | Patched | |
CVE-2024-5760The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018. | CVSS 7.8 | Samsung | - | - | |
CVE-2024-5759An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | CVSS 6.3 | Tenable | - | Patched | |
CVE-2024-5566An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. | CVSS 6.5 | Github | - | - | |
CVE-2024-5525Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions. | CVSS 8.3 | - | - | ||
CVE-2024-52516Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | CVSS 3 | Nextcloud | - | - | |
CVE-2024-51734Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`. | CVSS 0 | Zope | - | Patched | |
CVE-2024-51521Input parameter verification vulnerability in the background service module
Impact: Successful exploitation of this vulnerability may affect availability. | CVSS 5.5 | Huawei, et al | - | Patched | |
CVE-2024-5009This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local machine in order to exploit this vulnerability.<br/>The specific flaw exists within the implementation of SetAdminPassword method. The issue results from the improper access control. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.<br/> Progress Software has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024">https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024</a> <br/></td> | CVSS 8.4 | Progress | Exploit | Patched | |
CVE-2024-4988The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | CVSS 7.5 | Private files project | - | - | |
CVE-2024-49558Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | CVSS 7.8 | Dell | - | Patched | |
CVE-2024-47000Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password. | CVSS 7.5 | Zitadel | - | Patched | |
CVE-2024-46999Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide any information about the state. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly remove the user grants to make sure the user does not get access anymore. | CVSS 6.5 | Zitadel | - | Patched | |
CVE-2024-46989spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. | CVSS 3.7 | Authzed | - | Patched | |
CVE-2024-46549An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. | CVSS 7.6 | Tp-link | - | - | |
CVE-2024-45919A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. | CVSS 6.5 | - | - | ||
CVE-2024-45752logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. | CVSS 7.3 | Pixlone | - | - | |
CVE-2024-4555Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | CVSS 7.5 | Microfocus, et al | - | Patched | |
CVE-2024-45496A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | CVSS 9.9 | Redhat | - | Patched | |
CVE-2024-45461The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false". | CVSS 6.3 | Apache | - | Patched | |
CVE-2024-4545
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
| CVSS 7.7 | Enterprisedb | - | - | |
CVE-2024-45373Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | CVSS 8.8 | Doverfuelingsolutions | - | - | |
CVE-2024-45297Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 4.3 | Discourse | - | Patched | |
CVE-2024-45173An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. | CVSS 8.8 | - | - | ||
CVE-2024-45058i-Educar is free, completely online school management software that allows school secretaries, teachers, coordinators and area managers. An attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions). Any user is capable of becoming an administrator, which can lead to account theft, changing administrative tasks, etc. The failure occurs in the file located in ieducar/intranet/educar_usuario_cad.php on line 446 , which does not perform checks on the user's current permission level to make changes. This issue has not yet been patched. Users are advised to contact the developer and to coordinate an update schedule. | CVSS 8.1 | Portabilis | Exploit | Patched | |
CVE-2024-45041External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2. | CVSS 8.8 | Kubernetes, et al | - | Patched | |
CVE-2024-44893An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | CVSS 9.8 | Jeecg | - | - | |
CVE-2024-44540Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | CVSS 6.6 | Ubiquiti | - | - | |
CVE-2024-44439An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | CVSS 5.9 | - | - | ||
CVE-2024-4428Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024. | CVSS 9.8 | - | - | ||
CVE-2024-44147This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | CVSS 7.7 | Apple | - | Patched | |
CVE-2024-44097According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server." | CVSS 9.8 | Apache | - | - | |
CVE-2024-44076In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | CVSS 9.8 | - | Patched | ||
CVE-2024-4395The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | CVSS 7.8 | Jamf | - | - | |
CVE-2024-4390The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks. | CVSS 6.5 | Wordpress, et al | - | - | |
CVE-2024-4341Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. | CVSS 6.5 | - | - | ||
CVE-2024-43403Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation. | CVSS 8.8 | Kubernetes | - | Patched | |
CVE-2024-43401XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1. | CVSS 8 | Xwiki | - | Patched | |
CVE-2024-43311Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2. | CVSS 9.8 | Wordpress | - | - | |
CVE-2024-43245Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. | CVSS 9.8 | Eyecix | - | - | |
CVE-2024-43240Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6. | CVSS 9.8 | Wpindeed, et al | - | - | |
CVE-2024-43199Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. | CVSS 7.8 | Nagios | - | Patched | |
CVE-2024-43153Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10. | CVSS 9.8 | Wordpress | - | - | |
CVE-2024-43121Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1. | CVSS 9.1 | Wordpress | - | - | |
CVE-2024-42995VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | CVSS 8.3 | Vtiger | - | - | |
CVE-2024-42798An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | CVSS 7.6 | Kashipara | - | - | |
CVE-2024-42774An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | CVSS 7.5 | Kashipara | - | - | |
CVE-2024-4259Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Sambas | - | - | |
CVE-2024-42441Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | CVSS 6.7 | Zoom | - | Patched | |
CVE-2024-42440Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download. | CVSS 6.7 | Zoom | - | Patched | |
CVE-2024-42366VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | CVSS 9 | Vrcx-team | - | Patched | |
CVE-2024-42050The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. | CVSS 7 | - | - | ||
CVE-2024-42036Access permission verification vulnerability in the Notepad module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. | CVSS 7.5 | Huawei, et al | - | Patched | |
CVE-2024-41949Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it: the public key of the previous block (used in the signature)
the public keys part of the token symbol table (for public key interning in datalog expressions)
A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Consider the following example (nominal case) Authority A emits the following token: check if thirdparty("b") trusting ${pubkeyB}
The well-behaving holder then generates a third-party block request based on the token and sends it to third-party authority B
Third-party B generates the following third-party block thirdparty("b"); check if thirdparty("c") trusting ${pubkeyC}
The token holder now must obtain a third-party block from third party C to be able to use the token
Now, with a malicious user: Authority A emits the following token: check if thirdparty("b") trusting ${pubkeyB}
The holder then attenuates the token with the following third party block thirdparty("c"), signed with a keypair pubkeyD, privkeyD) they generate
The holder then generates a third-party block request based on this token, but alter the ThirdPartyBlockRequest publicKeys field and replace pubkeyD with pubkeyC
Third-party B generates the following third-party block thirdparty("b"); check if thirdparty("c") trusting ${pubkeyC}
Due to the altered symbol table, the actual meaning of the block is thirdparty("b"); check if thirdparty("c") trusting ${pubkeyD}
The attacker can now use the token without obtaining a third-party block from C. | CVSS 6.4 | Biscuitsec | - | Patched | |
CVE-2024-41903A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption. | CVSS 7.2 | Siemens | - | Patched | |
CVE-2024-41666Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. | CVSS 4.7 | Argoproj | - | Patched | |
CVE-2024-41637RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password. | CVSS 8.3 | Raspap | - | Patched | |
CVE-2024-41228A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. | CVSS 7.6 | - | - | ||
CVE-2024-40861The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. | CVSS 7.8 | Apple | - | Patched | |
CVE-2024-40802The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | CVSS 7.8 | Apple | - | Patched | |
CVE-2024-40781The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | CVSS 8.4 | Apple | - | Patched | |
CVE-2024-40662In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 7.8 | Apache | - | Patched | |
CVE-2024-40658In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 7.8 | - | Patched | ||
CVE-2024-40657In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 7.8 | - | Patched | ||
CVE-2024-4018Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
| CVSS 8.8 | Beyondtrust | - | - | |
CVE-2024-4017Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
| CVSS 8.8 | Beyondtrust | - | - | |
CVE-2024-39925An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. | CVSS 7.5 | - | - |