Total
189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2002 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 6.8 MEDIUM |
| A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | |||||
| CVE-2023-27313 | 1 Netapp | 1 Snapcenter | 2024-11-21 | N/A | 8.3 HIGH |
| SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | |||||
| CVE-2023-27312 | 1 Netapp | 1 Snapcenter Plug-in | 2024-11-21 | N/A | 5.4 MEDIUM |
| SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | |||||
| CVE-2023-25521 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2023-20217 | 1 Cisco | 2 Thousandeyes Enterprise Agent, Thousandeyes Recorder | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. | |||||
| CVE-2023-20210 | 1 Cisco | 32 Broadworks Application Delivery Platform, Broadworks Application Delivery Platform Firmware, Broadworks Application Server and 29 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device. | |||||
| CVE-2023-1966 | 1 Illumina | 22 Iscan, Iscan Firmware, Iseq 100 and 19 more | 2024-11-21 | N/A | 7.4 HIGH |
| Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. | |||||
| CVE-2023-1943 | 1 Kubernetes | 1 Operations | 2024-11-21 | N/A | 8.0 HIGH |
| Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | |||||
| CVE-2022-41950 | 3 Apple, Linux, Super Xray Project | 3 Macos, Linux Kernel, Super Xray | 2024-11-21 | N/A | 6.4 MEDIUM |
| super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. | |||||
| CVE-2022-41290 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 8.4 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. | |||||
| CVE-2022-40182 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. | |||||
| CVE-2022-3088 | 2 Debian, Moxa | 129 Debian Linux, Aig-301-ap-azu-lx, Aig-301-ap-azu-lx Firmware and 126 more | 2024-11-21 | N/A | 7.8 HIGH |
| UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | |||||
| CVE-2022-39286 | 3 Debian, Fedoraproject, Jupyter | 3 Debian Linux, Fedora, Jupyter Core | 2024-11-21 | N/A | 8.8 HIGH |
| Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2022-34384 | 1 Dell | 5 Alienware Update, Command Update, Supportassist For Business Pcs and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. | |||||
| CVE-2022-32535 | 1 Bosch | 2 Pra-es8p2s, Pra-es8p2s Firmware | 2024-11-21 | 10.0 HIGH | 4.8 MEDIUM |
| The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch. | |||||
| CVE-2022-30695 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||||
| CVE-2022-2634 | 1 Digi | 2 Connectport X2d, Connectport X2d Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed. | |||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | |||||
| CVE-2022-24113 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||||
| CVE-2022-22239 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | N/A | 8.2 HIGH |
| An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. | |||||