Total
510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10143 | 3 Fedoraproject, Freeradius, Redhat | 3 Fedora, Freeradius, Enterprise Linux | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." | |||||
| CVE-2018-1088 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Leap, Enterprise Linux Server and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. | |||||
| CVE-2024-11073 | 1 Mayurik | 1 Hospital Management System | 2024-11-18 | 4.0 MEDIUM | 8.1 HIGH |
| A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11306 | 2024-11-18 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-29119 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. | |||||
| CVE-2024-47595 | 1 Sap | 1 Host Agent | 2024-11-14 | N/A | 7.1 HIGH |
| An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. | |||||
| CVE-2024-49217 | 1 Madirisalmanaashish | 1 Adding Drop Down Roles In Registration | 2024-11-06 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. | |||||
| CVE-2024-49219 | 1 Themexpo | 1 Rs-members | 2024-11-06 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3. | |||||
| CVE-2024-10766 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. | |||||
| CVE-2024-10765 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10764 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10654 | 2024-11-05 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-50504 | 2024-11-01 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through 1.1. | |||||
| CVE-2024-50506 | 2024-11-01 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80. | |||||
| CVE-2024-47904 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 7.8 HIGH |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. | |||||
| CVE-2024-50481 | 2024-10-29 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1. | |||||
| CVE-2024-50550 | 2024-10-29 | N/A | 8.1 HIGH | ||
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. | |||||
| CVE-2024-50485 | 2024-10-29 | N/A | 9.8 CRITICAL | ||
| : Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5. | |||||
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2024-10-24 | N/A | 8.8 HIGH |
| : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. | |||||
| CVE-2024-9180 | 1 Hashicorp | 1 Vault | 2024-10-18 | N/A | 7.2 HIGH |
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | |||||