Total: 1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24519 | 1 Microsoft | 1 Azure Site Recovery | 2022-03-14 | 4.0 MEDIUM | 4.9 MEDIUM |
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518. | |||||
CVE-2022-24469 | 1 Microsoft | 1 Azure Site Recovery | 2022-03-14 | 9.0 HIGH | 8.8 HIGH |
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. | |||||
CVE-2022-23266 | 1 Microsoft | 1 Defender For Iot | 2022-03-14 | 7.2 HIGH | 7.8 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability. | |||||
CVE-2022-21967 | 1 Microsoft | 2 Windows 10, Windows 11 | 2022-03-14 | 4.4 MEDIUM | 7.0 HIGH |
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. | |||||
CVE-2022-24408 | 1 Siemens | 4 Sinumerik Mc, Sinumerik Mc Firmware, Sinumerik One and 1 more | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. | |||||
CVE-2022-0441 | 1 Stylemixthemes | 1 Masterstudy Lms | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. | |||||
CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | |||||
CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicity | 2022-03-08 | 3.7 LOW | 7.8 HIGH |
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
CVE-2022-25643 | 1 Seatd Project | 1 Seatd | 2022-03-04 | 9.3 HIGH | 9.8 CRITICAL |
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. | |||||
CVE-2020-15824 | 2 Jetbrains, Oracle | 3 Kotlin, Banking Extensibility Workbench, Communications Cloud Native Core Policy | 2022-03-03 | 6.5 MEDIUM | 8.8 HIGH |
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0), there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. | |||||
CVE-2021-26708 | 2 Linux, Netapp | 12 Linux Kernel, Aff Baseboard Management Controller, Baseboard Management Controller 500f and 9 more | 2022-02-25 | 6.9 MEDIUM | 7.0 HIGH |
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | |||||
CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11. | |||||
CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9. | |||||
CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2022-02-23 | 4.6 MEDIUM | 7.8 HIGH |
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | |||||
CVE-2021-22801 | 1 Schneider-electric | 1 Connexium Network Manager | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) | |||||
CVE-2022-24927 | 1 Samsung | 1 Video Player | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | |||||
CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2022-02-18 | 10.0 HIGH | 9.8 CRITICAL |
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
CVE-2022-20680 | 1 Cisco | 1 Prime Service Catalog | 2022-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. | |||||
CVE-2021-36302 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2022-02-14 | 9.0 HIGH | 9.9 CRITICAL |
All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. |