Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43506 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
|
|||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
|
|||||
| CVE-2023-43120 | 1 Extremenetworks | 1 Exos | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
|
|||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.
|
|||||
| CVE-2023-42468 | 1 Azmobileapps | 1 Color Phone | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.
|
|||||
| CVE-2023-41966 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
|
|||||
| CVE-2023-41808 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41807 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41806 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 8.2 HIGH |
|
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
|
|||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
|
|||||
| CVE-2023-41326 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.1 HIGH |
|
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-41324 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.1 HIGH |
|
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 4.9 MEDIUM |
|
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability.
|
|||||
| CVE-2023-41312 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.
|
|||||
| CVE-2023-41309 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2023-41138 | 1 Appsanywhere | 1 Appsanywhere Client | 2024-11-21 | N/A | 7.5 HIGH |
|
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
|
|||||
| CVE-2023-41119 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
|
|||||
| CVE-2023-41053 | 1 Redis | 1 Redis | 2024-11-21 | N/A | 3.3 LOW |
|
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-41036 | 1 Macvim | 1 Macvim | 2024-11-21 | N/A | 7.8 HIGH |
|
Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely t ...
Show More |
|||||
| CVE-2023-40918 | 1 Knowstreaming Project | 1 Knowstreaming | 2024-11-21 | N/A | 8.8 HIGH |
|
KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role.
|
|||||
| CVE-2023-40686 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.
|
|||||
| CVE-2023-40685 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
|
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.
|
|||||
| CVE-2023-40378 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.9 MEDIUM |
|
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.
|
|||||
| CVE-2023-40377 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.
|
|||||
| CVE-2023-40375 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
|
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.
|
|||||
| CVE-2023-40155 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A | 8.7 HIGH |
|
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
|
|||||
| CVE-2023-3514 | 1 Razer | 1 Razer Central | 2024-11-21 | N/A | 7.8 HIGH |
|
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file.
|
|||||
| CVE-2023-3513 | 1 Razer | 1 Razer Central | 2024-11-21 | N/A | 7.8 HIGH |
|
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.
|
|||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-11-21 | N/A | 8.0 HIGH |
|
Privilege Escalation to root administrator (nsroot)
|
|||||
| CVE-2023-3160 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
|
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
|
|||||
| CVE-2023-39740 | 1 Linecorp | 1 Onigiriya-musubee | 2024-11-21 | N/A | 8.2 HIGH |
|
The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
|||||
| CVE-2023-39734 | 1 Linecorp | 1 Trackdiner10\/10 Mc | 2024-11-21 | N/A | 8.2 HIGH |
|
The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
|||||
| CVE-2023-39733 | 1 Linecorp | 1 Tonton-tei | 2024-11-21 | N/A | 8.2 HIGH |
|
The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
|||||
| CVE-2023-39732 | 1 Linecorp | 1 Tokueimaru Waiting | 2024-11-21 | N/A | 8.2 HIGH |
|
The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
|||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | N/A | 7.5 HIGH |
|
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
|
|||||
| CVE-2023-39335 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
|
|||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
|
|||||