Total
1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7020 | 1 Elastic | 1 Elasticsearch | 2022-06-03 | 3.5 LOW | 3.1 LOW |
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | |||||
CVE-2017-4991 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone. | |||||
CVE-2017-4992 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. | |||||
CVE-2022-29179 | 1 Cilium | 1 Cilium | 2022-06-03 | 7.2 HIGH | 8.2 HIGH |
Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. | |||||
CVE-2022-22328 | 1 Ibm | 1 Partner Engagement Manager | 2022-06-01 | 2.1 LOW | 6.2 MEDIUM |
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another user's data. IBM X-Force ID: 218871. | |||||
CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2022-06-01 | 3.3 LOW | 6.9 MEDIUM |
Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file. | |||||
CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2022-06-01 | 6.9 MEDIUM | 7.0 HIGH |
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | |||||
CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2022-05-27 | 7.2 HIGH | 7.8 HIGH |
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
CVE-2022-21999 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. | |||||
CVE-2022-24515 | 1 Microsoft | 1 Azure Site Recovery | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519. | |||||
CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-30688 | 2 Debian, Needrestart Project | 2 Debian Linux, Needrestart | 2022-05-25 | 4.6 MEDIUM | 7.8 HIGH |
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. | |||||
CVE-2022-30695 | 1 Acronis | 1 Snap Deploy | 2022-05-24 | 4.6 MEDIUM | 7.8 HIGH |
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640. | |||||
CVE-2022-21128 | 1 Intel | 1 Advisor | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-21182 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41367, CVE-2021-41370. | |||||
CVE-2021-26441 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. | |||||
CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291. | |||||
CVE-2021-40464 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-23 | 5.2 MEDIUM | 8.0 HIGH |
Windows Nearby Sharing Elevation of Privilege Vulnerability | |||||
CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |