Total
2395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3054 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 7.2 High |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | ||||
| CVE-2010-4258 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2025-04-11 | N/A |
| The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. | ||||
| CVE-2012-3993 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||||
| CVE-2011-1526 | 6 Debian, Fedoraproject, Mit and 3 more | 8 Debian Linux, Fedora, Krb5-appl and 5 more | 2025-04-11 | N/A |
| ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. | ||||
| CVE-2010-4347 | 4 Linux, Opensuse, Redhat and 1 more | 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. | ||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2025-04-11 | 9.6 Critical |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | ||||
| CVE-2023-39520 | 1 Cryptomator | 1 Cryptomator | 2025-04-10 | 5.5 Medium |
| Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround. | ||||
| CVE-2024-33552 | 1 8theme | 1 Xstore Core | 2025-04-10 | 9.8 Critical |
| Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. | ||||
| CVE-2024-36046 | 1 Infoblox | 1 Nios | 2025-04-10 | 9.8 Critical |
| Infoblox NIOS through 8.6.4 executes with more privileges than required. | ||||
| CVE-2023-41665 | 1 Givewp | 1 Givewp | 2025-04-10 | 8.8 High |
| Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | ||||
| CVE-2023-41243 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-04-10 | 8.8 High |
| Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90. | ||||
| CVE-2022-41290 | 1 Ibm | 2 Aix, Vios | 2025-04-10 | 8.4 High |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. | ||||
| CVE-2023-25834 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 5.4 Medium |
| Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | ||||
| CVE-2022-4808 | 1 Usememos | 1 Memos | 2025-04-10 | 8.8 High |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2024-21141 | 1 Oracle | 1 Vm Virtualbox | 2025-04-10 | 8.2 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2022-43535 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2025-04-10 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43534 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2025-04-10 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43533 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | 7.8 High |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2023-4976 | 1 Purestorage | 1 Flashblade | 2025-04-10 | N/A |
| A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. | ||||