CVE-2024-8903

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-250
View all →

Vulnerability Description

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.

Related Vulnerabilities

CVE-2019-10147

MEDIUM
CVSS:4.7(Medium)

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in w...

CWE-2502019

CVE-2024-28005

MEDIUM
CVSS:4.7(Medium)

Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200...

CWE-2502024

CVE-2023-37412

MEDIUM
CVSS:4.9(Medium)

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.

CWE-2502023

CVE-2018-16888

MEDIUM
CVSS:4.4(Medium)

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service f...

CWE-2502018

CVE-2023-27247

MEDIUM
CVSS:4.4(Medium)

Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens.

CWE-2502023

CVE-2024-8266

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain ci...

CWE-2502024