81 matches found
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...
Cross site scripting
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...
CVE-2022-40711
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users...
CVE-2022-21660 Missing authorization in gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...
Privilege escalation
There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...
CVE-2021-39976
There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...
Privilege escalation
The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group...
CVE-2021-41320
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker able to Change List Password with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...
CVE-2021-29802
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses...
Prismatic < 2.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...
CVE-2021-27479
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
Privilege escalation
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...
CVE-2021-22311
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include...
Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product
There is a command injection vulnerability in Huawei FusionCompute product. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Vulnerability ID:...
CVE-2020-9084
Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have a use-after-free UAF vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...
CVE-2020-9084
CVE-2020-9084 affects Huawei Taurus-AN00B smartphones prior to version 10.1.0.156 (C00E155R7P2). The issue is a use-after-free (UAF) vulnerability that can be exploited by an authenticated, local attacker to potentially gain higher privileges and compromise the service. Huawei’s PSIRT advisory HW...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerability ID:...