Total: 1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23999 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||
CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2022-04-26 | 4.6 MEDIUM | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | |||||
CVE-2022-26914 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
Win32k Elevation of Privilege Vulnerability. | |||||
CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
CVE-2021-40124 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. | |||||
CVE-2021-3576 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | |||||
CVE-2022-24550 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
Windows Telephony Server Elevation of Privilege Vulnerability. | |||||
CVE-2022-27421 | 1 Chamilo | 1 Chamilo Lms | 2022-04-25 | 6.5 MEDIUM | 7.2 HIGH |
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | |||||
CVE-2022-1256 | 1 Mcafee | 1 Agent | 2022-04-22 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | |||||
CVE-2022-24842 | 1 Minio | 1 Minio | 2022-04-22 | 9.0 HIGH | 8.8 HIGH |
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. This in turn allows the user to escalate privilege to that of the root user. This vulnerability has been resolved in pull request #14729 and is included in `RELEASE.2022-04-12T06-55-35Z`. Users unable to upgrade may work around this issue by explicitly adding an `admin:CreateServiceAccount` deny policy, however, this, in turn, denies the user the ability to create their own service accounts as well. | |||||
CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
CVE-2022-24481 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. | |||||
CVE-2022-24479 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | |||||
CVE-2022-24474 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. | |||||
CVE-2022-24527 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. | |||||
CVE-2020-16238 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. | |||||
CVE-2022-23259 | 1 Microsoft | 1 Dynamics 365 | 2022-04-21 | 9.0 HIGH | 8.8 HIGH |
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | |||||
CVE-2022-22960 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2022-04-21 | 7.2 HIGH | 7.8 HIGH |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | |||||
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | |||||
CVE-2022-23702 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2022-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. |