Show filters
49,390 Total Results
Displaying 21-30 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Moderate
CVE-2021-1636
Disclosure Date: January 12, 2021 (last updated December 30, 2023)
Microsoft SQL Elevation of Privilege Vulnerability
6
Attacker Value
Low
CVE-2020-0986
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
4
Attacker Value
High
CVE-2023-4911
Disclosure Date: October 03, 2023 (last updated September 18, 2024)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
4
Attacker Value
High
CVE-2023-41265
Disclosure Date: August 29, 2023 (last updated October 08, 2023)
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
5
Attacker Value
Moderate
CVE-2023-29336
Disclosure Date: May 09, 2023 (last updated April 10, 2024)
Win32k Elevation of Privilege Vulnerability
4
Attacker Value
Very High
CVE-2023-21752
Disclosure Date: January 10, 2023 (last updated October 08, 2023)
Windows Backup Service Elevation of Privilege Vulnerability
5
Attacker Value
Very Low
CVE-2022-29799 "Nimbuspwn"
Disclosure Date: September 21, 2022 (last updated October 08, 2023)
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.
5
Attacker Value
High
CVE-2022-33891
Disclosure Date: July 18, 2022 (last updated October 07, 2023)
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
3
Attacker Value
Unknown
CVE-2022-0847
Disclosure Date: March 10, 2022 (last updated October 07, 2023)
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
6
Attacker Value
Moderate
CVE-2021-39609
Disclosure Date: August 23, 2021 (last updated October 07, 2023)
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
3