Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50890 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
|
|||||
| CVE-2023-50700 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.
|
|||||
| CVE-2023-50267 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 4.3 MEDIUM |
|
MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.
|
|||||
| CVE-2023-4834 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
|
|||||
| CVE-2023-4697 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
|
|||||
| CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-11-21 | N/A | 7.5 HIGH |
|
An authenticated XCC user can change permissions for any user through a crafted API command.
|
|||||
| CVE-2023-4404 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
|
|||||
| CVE-2023-49232 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.
|
|||||
| CVE-2023-48757 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.
|
|||||
| CVE-2023-48419 | 1 Google | 8 Home, Home Firmware, Home Mini and 5 more | 2024-11-21 | N/A | 10.0 CRITICAL |
|
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege
|
|||||
| CVE-2023-48406 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-47782 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
|
|||||
| CVE-2023-47715 | 1 Ibm | 1 Storage Protect Plus | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.
|
|||||
| CVE-2023-47683 | 2024-11-21 | N/A | 8.0 HIGH | ||
|
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
|
|||||
| CVE-2023-47682 | 2024-11-21 | N/A | 7.2 HIGH | ||
|
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
|
|||||
| CVE-2023-47629 | 1 Datahub Project | 1 Datahub | 2024-11-21 | N/A | 7.1 HIGH |
|
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that h ...
Show More |
|||||
| CVE-2023-47611 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | N/A | 7.8 HIGH |
|
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
|
|||||
| CVE-2023-47201 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
|
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47200.
|
|||||
| CVE-2023-47101 | 1 Securepoint | 1 Openvpn-client | 2024-11-21 | N/A | 7.8 HIGH |
|
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.
|
|||||
| CVE-2023-46771 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
|
|||||
| CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
|
|||||
| CVE-2023-46647 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
|
|||||
| CVE-2023-46277 | 1 Edneville | 1 Please | 2024-11-21 | N/A | 7.8 HIGH |
|
please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)
|
|||||
| CVE-2023-45883 | 2 Enghouse, Microsoft | 2 Qumu, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
|
|||||
| CVE-2023-45581 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
|
|||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library.
|
|||||
| CVE-2023-45083 | 1 Softiron | 1 Hypercloud | 2024-11-21 | N/A | 4.2 MEDIUM |
|
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.
An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.
This issue affects HyperCloud versions 1.0 to any release before 2.1.
|
|||||
| CVE-2023-44809 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
|
|||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
|
|||||
| CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
|
|||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
|
|||||
| CVE-2023-44219 | 2 Microsoft, Sonicwall | 2 Windows, Directory Services Connector | 2024-11-21 | N/A | 7.8 HIGH |
|
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
|
|||||
| CVE-2023-44217 | 1 Sonicwall | 1 Netextender | 2024-11-21 | N/A | 7.8 HIGH |
|
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
|
|||||
| CVE-2023-44106 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
|
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2023-44105 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2023-43960 | 1 Dlink | 2 Dph-400se, Dph-400se Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
|
|||||
| CVE-2023-43766 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
|
|||||
| CVE-2023-43664 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 4.3 MEDIUM |
|
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
|
|||||
| CVE-2023-43663 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.3 MEDIUM |
|
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||