Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0197 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.
|
|||||
| CVE-2023-7241 | 2024-11-21 | N/A | 7.9 HIGH | ||
|
Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on
Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.
|
|||||
| CVE-2023-7090 | 1 Sudo Project | 1 Sudo | 2024-11-21 | N/A | 6.6 MEDIUM |
|
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
|
|||||
| CVE-2023-7080 | 1 Cloudflare | 1 Wrangler | 2024-11-21 | N/A | 8.5 HIGH |
|
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If ...
Show More |
|||||
| CVE-2023-7016 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
|
|||||
| CVE-2023-6804 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
|
|||||
| CVE-2023-6793 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A | 2.7 LOW |
|
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
|
|||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
|
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
|
|||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
|
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
|
|||||
| CVE-2023-6507 | 1 Python | 1 Python | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.
When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an em ...
Show More |
|||||
| CVE-2023-6218 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | N/A | 7.2 HIGH |
|
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.
|
|||||
| CVE-2023-6119 | 1 Trellix | 1 Getsusp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only.
|
|||||
| CVE-2023-6099 | 1 Szjocat | 1 Facial Love Cloud Platform | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerabil ...
Show More |
|||||
| CVE-2023-5993 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.
|
|||||
| CVE-2023-5978 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A | 7.5 HIGH |
|
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
|
|||||
| CVE-2023-5960 | 1 Zyxel | 12 Usg Flex 100, Usg Flex 100w, Usg Flex 200 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
|
|||||
| CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
|
|||||
| CVE-2023-5797 | 1 Zyxel | 58 Atp100, Atp100w, Atp200 and 55 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65( ...
Show More |
|||||
| CVE-2023-5739 | 1 Hp | 4 Image Assistant, Pc Hardware Diagnostics, Thunderbolt Dock G2 and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.
|
|||||
| CVE-2023-5671 | 1 Hp | 1 Print And Scan Doctor | 2024-11-21 | N/A | 7.8 HIGH |
|
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.
|
|||||
| CVE-2023-5650 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.
|
|||||
| CVE-2023-5622 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.1 HIGH |
|
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
|
|||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 3.3 LOW |
|
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
|
|||||
| CVE-2023-5408 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A | 7.2 HIGH |
|
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
|
|||||
| CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote
code execution when the transfer command is used over the network.
|
|||||
| CVE-2023-5214 | 1 Puppet | 1 Bolt | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
|
|||||
| CVE-2023-52431 | 1 Plack\ | 1 \ | 2024-11-21 | N/A | 8.8 HIGH |
|
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).
|
|||||
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.
|
|||||
| CVE-2023-52107 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2023-52093 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
|
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2023-51483 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
|
|||||
| CVE-2023-51481 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
|
|||||
| CVE-2023-51476 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.
|
|||||
| CVE-2023-51433 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | N/A | 2.9 LOW |
|
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
|
|||||
| CVE-2023-51430 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
|
|||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
|
|||||
| CVE-2023-51425 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
|
|||||
| CVE-2023-51424 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.
|
|||||
| CVE-2023-51386 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-11-21 | N/A | 7.8 HIGH |
|
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patche ...
Show More |
|||||