Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-269
Total 1509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2637 1 Hitachi 1 Storage Plug-in 2023-03-01 N/A 8.8 HIGH
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.
CVE-2020-0404 2 Google, Oracle 4 Android, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more 2023-02-28 4.9 MEDIUM 5.5 MEDIUM
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
CVE-2022-0338 1 Loguru Project 1 Loguru 2023-02-28 4.0 MEDIUM 4.3 MEDIUM
Improper Privilege Management in Conda loguru prior to 0.5.3.
CVE-2022-38378 1 Fortinet 2 Fortios, Fortiproxy 2023-02-24 N/A 6.0 MEDIUM
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
CVE-2023-24483 2 Citrix, Microsoft 2 Virtual Apps And Desktops, Windows 2023-02-24 N/A 7.8 HIGH
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2022-25636 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, Baseboard Management Controller H300e and 10 more 2023-02-24 6.9 MEDIUM 7.8 HIGH
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2023-21777 1 Microsoft 1 Azure App Service On Azure Stack 2023-02-23 N/A 8.7 HIGH
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2023-25149 1 Timescale 1 Timescaledb 2023-02-22 N/A 8.8 HIGH
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms.
CVE-2022-34384 1 Dell 5 Alienware Update, Command Update, Supportassist For Business Pcs and 2 more 2023-02-21 N/A 7.8 HIGH
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
CVE-2023-21421 1 Samsung 1 Android 2023-02-21 N/A 7.8 HIGH
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
CVE-2022-38777 2 Elastic, Microsoft 3 Endgame, Endpoint Security, Windows 2023-02-21 N/A 7.8 HIGH
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
CVE-2022-42438 2 Ibm, Linux 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel 2023-02-18 N/A 8.8 HIGH
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
CVE-2020-24307 1 Mremoteng 1 Mremoteng 2023-02-17 N/A 7.8 HIGH
** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
CVE-2019-6617 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2023-02-15 5.5 MEDIUM 6.5 MEDIUM
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.
CVE-2022-3369 1 Bitdefender 1 Engines 2023-02-15 N/A 5.5 MEDIUM
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.
CVE-2022-43759 1 Suse 1 Rancher 2023-02-15 N/A 8.8 HIGH
A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10.
CVE-2023-20854 2 Microsoft, Vmware 2 Windows, Workstation 2023-02-15 N/A 8.4 HIGH
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
CVE-2022-48019 1 Wfs 1 Another Eden 2023-02-14 N/A 7.8 HIGH
The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.
CVE-2010-4347 3 Linux, Opensuse, Suse 3 Linux Kernel, Opensuse, Linux Enterprise Real Time Extension 2023-02-12 6.9 MEDIUM N/A
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
CVE-2010-4258 4 Fedoraproject, Linux, Opensuse and 1 more 7 Fedora, Linux Kernel, Opensuse and 4 more 2023-02-12 6.2 MEDIUM N/A
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.