CVE-2024-5009

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-269
View all →

Vulnerability Description

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.

Related Vulnerabilities

CVE-1999-0084

HIGH
CVSS:8.4(High)

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

CWE-2691999

CVE-2016-1572

HIGH
CVSS:8.4(High)

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated ...

CWE-2692016

CVE-2018-5884

HIGH
CVSS:8.4(High)

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

CWE-2692018

CVE-2019-4448

HIGH
CVSS:8.4(High)

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an...

CWE-2692019

CVE-2021-1051

HIGH
CVSS:8.4(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display con...

CWE-2692021

CVE-2021-22376

HIGH
CVSS:8.4(High)

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.

CWE-2692021