| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. |
| Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information. |
| Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API. |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. |
| Redis Enterprise Elevation of Privilege Vulnerability |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. |
| Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. |
| Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. |
