Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46647 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8 High |
| Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | ||||
| CVE-2023-46277 | 1 Edneville | 1 Please | 2024-11-21 | 7.8 High |
| please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | ||||
| CVE-2023-46145 | 2024-11-21 | 8.8 High | ||
| Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
| CVE-2023-45883 | 2 Enghouse, Microsoft | 2 Qumu, Windows | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. | ||||
| CVE-2023-45581 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-11-21 | 7.9 High |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-45320 | 2024-11-21 | 6.7 Medium | ||
| Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45083 | 1 Softiron | 1 Hypercloud | 2024-11-21 | 4.2 Medium |
| An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. | ||||
| CVE-2023-44809 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2024-11-21 | 9.8 Critical |
| D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. | ||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 8.3 High |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-44219 | 2 Microsoft, Sonicwall | 2 Windows, Directory Services Connector | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | ||||
| CVE-2023-44217 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | ||||
| CVE-2023-44106 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-44105 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-43960 | 2 D-link, Dlink | 3 Dph-400se Fru, Dph-400se, Dph-400se Firmware | 2024-11-21 | 8.8 High |
| An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | ||||
| CVE-2023-43766 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | 7.8 High |
| Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | ||||
| CVE-2023-43664 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 Medium |
| PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue. | ||||
| CVE-2023-43663 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.3 Medium |
| PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.8 High |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||