Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43506 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-11-21 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | ||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | 9.8 Critical |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | ||||
| CVE-2023-43120 | 1 Extremenetworks | 1 Exos | 2024-11-21 | 8.8 High |
| An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. | ||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | ||||
| CVE-2023-42468 | 1 Azmobileapps | 1 Color Phone | 2024-11-21 | 5.3 Medium |
| The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call. | ||||
| CVE-2023-41955 | 2024-11-21 | 8.8 High | ||
| Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8. | ||||
| CVE-2023-41954 | 2024-11-21 | 8.6 High | ||
| Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. | ||||
| CVE-2023-41807 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 9.1 Critical |
| Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41806 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 8.2 High |
| Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2024-11-21 | 6.6 Medium |
| Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | ||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | ||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | 8.8 High |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | ||||
| CVE-2023-41665 | 2024-11-21 | 8.8 High | ||
| Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | ||||
| CVE-2023-41419 | 2 Gevent, Redhat | 7 Gevent, Enterprise Linux, Openstack and 4 more | 2024-11-21 | 9.8 Critical |
| An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | ||||
| CVE-2023-41326 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.1 High |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41324 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.1 High |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability. | ||||
| CVE-2023-41312 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | ||||
| CVE-2023-41309 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||