| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access. |
| Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| Azure Bot Service Elevation of Privilege Vulnerability |
| Azure Networking Elevation of Privilege Vulnerability |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) |
| The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5 |
| A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data. |
| DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. |
| On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2. |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. |
| Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
