Total
1979 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3325 | 2024-11-21 | N/A | N/A | ||
| Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | |||||
| CVE-2024-3137 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Privilege Management in uvdesk/community-skeleton | |||||
| CVE-2024-39819 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. | |||||
| CVE-2024-39302 | 2024-11-21 | N/A | 3.7 LOW | ||
| BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. | |||||
| CVE-2024-39206 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key. | |||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 9.1 CRITICAL |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
| CVE-2024-37952 | 1 Themeenergy | 1 Book Your Travel | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | |||||
| CVE-2024-37927 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0. | |||||
| CVE-2024-37726 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe | |||||
| CVE-2024-37665 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. | |||||
| CVE-2024-37560 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | |||||
| CVE-2024-37455 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | |||||
| CVE-2024-37364 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS. | |||||
| CVE-2024-37133 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | |||||
| CVE-2024-37126 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | |||||
| CVE-2024-37107 | 1 Wishlistmember | 1 Wishlist Member X | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. | |||||
| CVE-2024-36586 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | |||||
| CVE-2024-36500 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.8 HIGH |
| Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-36499 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 6.8 MEDIUM |
| Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-36439 | 2024-11-21 | N/A | 9.4 CRITICAL | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. | |||||