CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation | 14.03.2023 | Thurein Soe |
| High | CipherMail Community Virtual Appliance 4.6.2 Code Execution | 10.06.2020 | Core Security Technolo... |
| High | Opsview Monitor 5.x Command Execution | 05.09.2018 | Core Security Technolo... |
| High | Quest DR Series Disk Backup Software 4.0.3 Code Execution | 01.06.2018 | Core Security Technolo... |
| High | NetEx HyperIP 6.1.0 Post-Auth Command Execution | 11.02.2018 | Matt Bergin |
| High | TP-LINK TL-SC3171 Authentication Bypass | 13.06.2013 | Eliezer Varad Lopez, ... |


CVEMAP Search Results

CVE
Description
2023-09-27
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.

 
2023-09-15
CVE-2023-4662
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.

 
2023-08-16
CVE-2023-32486
Dell PowerScale OneFS 9.5.x versions contain a privilege escalation vulnerability. A low-privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

 
2023-07-26
CVE-2023-39261
In JetBrains IntelliJ IDEA before 2023.2, the plugin for Space was requesting excessive permissions.

 
2023-05-10
CVE-2023-32080
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify a server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`. There are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks; however, the majority of users are using container runtimes that run as root, as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system; however, privileged containers have a lot of freedom even on systems with SELinux enabled. It should be noted that this was a known attack vector: for attackers to easily exploit it, they would need to compromise an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data.

 
2022-11-22
CVE-2022-41950
super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.

 
2022-10-11
CVE-2022-40182

 
2022-08-10
CVE-2022-2634
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.

 
2022-06-24
CVE-2022-1744
Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

 
2022-04-27
CVE-2021-34591
Bender/ebee Charge Controllers in multiple versions are prone to local privilege escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.

 

 


Copyright 2023, cxsecurity.com