| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. |
| syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. |
| click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. |
| The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. |
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. |
| Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. |
| vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. |
|
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
|
|
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. |
| Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. |
| Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. |
| wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation |
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. |
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. |
| A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. |
| A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. |
| The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). |