Total
2348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30989 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. | ||||
| CVE-2023-30988 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. | ||||
| CVE-2023-30799 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 9.1 Critical |
| MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2023-30713 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | ||||
| CVE-2023-30680 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-11-21 | 8.4 High |
| Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | ||||
| CVE-2023-30642 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | ||||
| CVE-2023-30601 | 1 Apache | 1 Cassandra | 2024-11-21 | 7.8 High |
| Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. | ||||
| CVE-2023-29166 | 1 Apple | 1 Pro Video Formats | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | ||||
| CVE-2023-29066 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 3.2 Low |
| The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | ||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 8.8 High |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28049 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | 4.7 Medium |
| Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | ||||
| CVE-2023-27795 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | ||||
| CVE-2023-27793 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. | ||||
| CVE-2023-26540 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | ||||
| CVE-2023-26236 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-11-21 | 7.8 High |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | ||||
| CVE-2023-26009 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | ||||
| CVE-2023-25701 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | ||||
| CVE-2023-25647 | 1 Zte | 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more | 2024-11-21 | 4.7 Medium |
| There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. | ||||
| CVE-2023-25535 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 7.2 High |
| Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | ||||
| CVE-2023-24491 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.8 High |
| A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | ||||