Filtered by CWE-269
Total 2383 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-4347 4 Linux, Opensuse, Redhat and 1 more 4 Linux Kernel, Opensuse, Enterprise Mrg and 1 more 2025-04-11 N/A
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
CVE-2010-3301 4 Canonical, Linux, Redhat and 1 more 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-11 N/A
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVE-2023-39520 1 Cryptomator 1 Cryptomator 2025-04-10 5.5 Medium
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.
CVE-2024-33552 1 8theme 1 Xstore Core 2025-04-10 9.8 Critical
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-36046 1 Infoblox 1 Nios 2025-04-10 9.8 Critical
Infoblox NIOS through 8.6.4 executes with more privileges than required.
CVE-2023-41665 1 Givewp 1 Givewp 2025-04-10 8.8 High
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
CVE-2023-41243 1 Wpvivid 1 Migration\, Backup\, Staging 2025-04-10 8.8 High
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
CVE-2022-41290 1 Ibm 2 Aix, Vios 2025-04-10 8.4 High
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
CVE-2023-25834 1 Esri 1 Portal For Arcgis 2025-04-10 5.4 Medium
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
CVE-2022-4808 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-21141 1 Oracle 1 Vm Virtualbox 2025-04-10 8.2 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2022-43535 2 Arubanetworks, Microsoft 2 Clearpass Policy Manager, Windows 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2022-43534 2 Arubanetworks, Linux 2 Clearpass Policy Manager, Linux Kernel 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2022-43533 2 Apple, Arubanetworks 2 Macos, Clearpass Policy Manager 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2023-4976 1 Purestorage 1 Flashblade 2025-04-10 N/A
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
CVE-2024-3057 1 Purestorage 1 Flasharray 2025-04-10 9.8 Critical
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
CVE-2022-4687 1 Usememos 1 Memos 2025-04-09 8.1 High
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
CVE-2025-28400 1 Ruoyi 1 Ruoyi 2025-04-09 6.7 Medium
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVE-2025-28401 1 Ruoyi 1 Ruoyi 2025-04-09 6.7 Medium
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVE-2024-28851 1 Snowflake 1 Snowflake Hive Metastore Connector 2025-04-09 4 Medium
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script.