Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30989 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. | ||||
| CVE-2023-30988 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. | ||||
| CVE-2023-30799 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 9.1 Critical |
| MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2023-30713 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | ||||
| CVE-2023-30680 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-11-21 | 8.4 High |
| Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | ||||
| CVE-2023-30642 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | ||||
| CVE-2023-30617 | 1 Openkruise | 1 Kruise | 2024-11-21 | 6.5 Medium |
| Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | ||||
| CVE-2023-30601 | 1 Apache | 1 Cassandra | 2024-11-21 | 7.8 High |
| Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. | ||||
| CVE-2023-29166 | 1 Apple | 1 Pro Video Formats | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | ||||
| CVE-2023-29066 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 3.2 Low |
| The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | ||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 8.8 High |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28049 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | 4.7 Medium |
| Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | ||||
| CVE-2023-27795 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | ||||
| CVE-2023-27793 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. | ||||
| CVE-2023-26540 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | ||||
| CVE-2023-26236 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-11-21 | 7.8 High |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | ||||
| CVE-2023-26009 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | ||||
| CVE-2023-25701 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | ||||
| CVE-2023-25647 | 1 Zte | 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more | 2024-11-21 | 4.7 Medium |
| There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. | ||||
| CVE-2023-25535 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 7.2 High |
| Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | ||||