Total
1979 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36077 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34). | |||||
| CVE-2024-36056 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation. | |||||
| CVE-2024-35700 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8. | |||||
| CVE-2024-35430 | 2024-11-21 | N/A | 8.1 HIGH | ||
| In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application. | |||||
| CVE-2024-34454 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name). | |||||
| CVE-2024-34332 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | |||||
| CVE-2024-34146 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | |||||
| CVE-2024-33894 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. | |||||
| CVE-2024-33775 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | |||||
| CVE-2024-33569 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. | |||||
| CVE-2024-33567 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | |||||
| CVE-2024-33550 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0. | |||||
| CVE-2024-33549 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2024-33522 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | |||||
| CVE-2024-33500 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights. | |||||
| CVE-2024-33398 | 2024-11-21 | N/A | 7.5 HIGH | ||
| There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | |||||
| CVE-2024-33393 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
| CVE-2024-33374 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. | |||||
| CVE-2024-33308 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | |||||
| CVE-2024-33226 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | |||||