Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14865 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-04-29 | 4.9 MEDIUM | 5.9 MEDIUM |
| A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. | |||||
| CVE-2025-2903 | 2025-04-17 | N/A | N/A | ||
| An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM. | |||||
| CVE-2024-55968 | 2025-03-24 | N/A | 8.8 HIGH | ||
| An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection. | |||||
| CVE-2024-32901 | 1 Google | 1 Android | 2025-03-24 | N/A | 7.8 HIGH |
| In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-23015 | 2025-02-15 | N/A | 8.8 HIGH | ||
| Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue. | |||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 8.7 HIGH |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | |||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 7.8 HIGH |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | |||||
| CVE-2024-8539 | 4 Apple, Ivanti, Linux and 1 more | 4 Macos, Secure Access Client, Linux Kernel and 1 more | 2025-01-17 | N/A | 7.1 HIGH |
| Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | |||||
| CVE-2024-9842 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | N/A | 7.3 HIGH |
| Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | |||||
| CVE-2024-7571 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | N/A | 7.8 HIGH |
| Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-8631 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.5 MEDIUM |
| A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles. | |||||
| CVE-2024-39866 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. | |||||
| CVE-2023-43746 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2024-11-21 | N/A | 8.7 HIGH |
| When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-2983 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 8.8 HIGH |
| Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. | |||||
| CVE-2023-27895 | 1 Sap | 1 Authenticator | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data. | |||||
| CVE-2023-22647 | 1 Suse | 1 Rancher | 2024-11-21 | N/A | 9.9 CRITICAL |
| An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | |||||
| CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 9.1 CRITICAL |
| A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | |||||
| CVE-2021-44476 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.8 MEDIUM |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | |||||
| CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. | |||||
| CVE-2021-23186 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 8.7 HIGH |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | |||||