Total
2487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37126 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | ||||
| CVE-2024-37107 | 1 Wishlistmember | 1 Wishlist Member X | 2024-11-21 | 8.8 High |
| Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-36586 | 1 Adguard | 1 Adguardhome | 2024-11-21 | 8.8 High |
| An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | ||||
| CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.8 Medium |
| Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-36439 | 2024-11-21 | 9.4 Critical | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. | ||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8. | ||||
| CVE-2024-34332 | 2024-11-21 | 7.8 High | ||
| An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | ||||
| CVE-2024-33569 | 1 Connekthq | 1 Instant Images | 2024-11-21 | 7.2 High |
| Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. | ||||
| CVE-2024-33567 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2024-33500 | 2024-11-21 | 5.9 Medium | ||
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights. | ||||
| CVE-2024-33398 | 1 Piraeus Operator | 1 Piraeus Operator | 2024-11-21 | 7.5 High |
| There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | ||||
| CVE-2024-33393 | 1 Spidernet-io | 1 Spiderpool | 2024-11-21 | 6.2 Medium |
| An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
| CVE-2024-33374 | 1 Lb Link | 1 Bl W1210m | 2024-11-21 | 9.8 Critical |
| Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. | ||||
| CVE-2024-33308 | 2024-11-21 | 9.1 Critical | ||
| An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | ||||
| CVE-2024-32960 | 2024-11-21 | 8.8 High | ||
| Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | ||||
| CVE-2024-32918 | 1 Google | 1 Android | 2024-11-21 | 6.1 Medium |
| Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | ||||
| CVE-2024-32906 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32899 | 1 Google | 1 Android | 2024-11-21 | 7.0 High |
| In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32854 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation. | ||||