Lucene search
+L

81 matches found

Vulnrichment
Vulnrichment
added 2023/07/03 8:3 p.m.10 views

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

6.5CVSS6.9AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/03 8:3 p.m.24 views

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

6.5CVSS6.7AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2023/01/01 8:15 a.m.38 views

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

4.8CVSS4.9AI score0.00457EPSS
Exploits1References1
Prion
Prion
added 2023/01/01 8:15 a.m.23 views

Cross site scripting

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

4.3CVSS4.7AI score0.00457EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/01/01 12:0 a.m.33 views

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...

5AI score0.00457EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/09 7:55 p.m.40 views

CVE-2022-21660 Missing authorization in gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...

8.1CVSS8.3AI score0.01097EPSS
Exploits2References1
Prion
Prion
added 2021/11/23 3:15 p.m.24 views

Privilege escalation

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...

7.2CVSS7.6AI score0.00172EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/23 2:53 p.m.24 views

CVE-2021-39976

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...

7.8AI score0.00172EPSS
Exploits0References1
Prion
Prion
added 2021/11/10 6:15 p.m.23 views

Privilege escalation

The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group...

6.5CVSS8.8AI score0.09976EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2021/10/15 4:15 p.m.19 views

CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...

5.5CVSS0.00227EPSS
Exploits0References4
Huntr
Huntr
added 2021/09/12 11:22 p.m.9 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

✍️ Description Attacker able to Change List Password with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...

1AI score
Exploits0
OSV
OSV
added 2021/08/23 4:15 p.m.7 views

CVE-2021-29802

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses...

7.5CVSS6.5AI score0.00622EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

5.4CVSS1.8AI score0.00624EPSS
Exploits2Affected Software1
NVD
NVD
added 2021/06/16 1:15 p.m.30 views

CVE-2021-27479

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

5.4CVSS0.00539EPSS
Exploits0References1
Prion
Prion
added 2021/03/22 8:15 p.m.12 views

Privilege escalation

There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...

4.6CVSS7.5AI score0.00179EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/03/22 7:15 p.m.4 views

CVE-2021-22311

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include...

7.2CVSS5.8AI score0.00725EPSS
Exploits0References1
Huawei
Huawei
added 2020/11/18 12:0 a.m.33 views

Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

There is a command injection vulnerability in Huawei FusionCompute product. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Vulnerability ID:...

7.2CVSS7AI score0.01023EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/09/18 7:15 p.m.17 views

CVE-2020-9084

Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have a use-after-free UAF vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...

6.5CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2020/09/18 6:6 p.m.43 views

CVE-2020-9084

CVE-2020-9084 affects Huawei Taurus-AN00B smartphones prior to version 10.1.0.156 (C00E155R7P2). The issue is a use-after-free (UAF) vulnerability that can be exploited by an authenticated, local attacker to potentially gain higher privileges and compromise the service. Huawei’s PSIRT advisory HW...

6.5CVSS6.3AI score0.00225EPSS
Exploits0References1Affected Software1
Huawei
Huawei
added 2020/09/16 12:0 a.m.50 views

Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerability ID:...

6.5CVSS6.4AI score0.00225EPSS
Exploits0Affected Software1
Rows per page
Query Builder