Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20266 | 1 Cisco | 3 Emergency Responder, Unified Communications Manager, Unity Connection | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device. | |||||
| CVE-2023-20235 | 1 Cisco | 20 Catalyst Ie3200 Rugged Switch, Catalyst Ie3300 Rugged Switch, Catalyst Ie3400 Rugged Switch and 17 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | |||||
| CVE-2023-20194 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.9 MEDIUM |
| A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. | |||||
| CVE-2023-20193 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 6.0 MEDIUM |
| A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec. | |||||
| CVE-2023-20136 | 1 Cisco | 1 Secure Workload | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels. | |||||
| CVE-2023-1966 | 1 Illumina | 22 Iscan, Iscan Firmware, Iseq 100 and 19 more | 2024-11-21 | N/A | 7.4 HIGH |
| Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. | |||||
| CVE-2023-1762 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | N/A | 5.5 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | |||||
| CVE-2023-1326 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 7.7 HIGH |
| A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | |||||
| CVE-2023-0221 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | N/A | 4.4 MEDIUM |
| Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | |||||
| CVE-2022-4687 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.1 HIGH |
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 7.6 HIGH |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | |||||
| CVE-2022-4314 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | |||||
| CVE-2022-4281 | 1 Facepay Project | 1 Facepay | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. | |||||
| CVE-2022-4270 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 2.0 LOW |
| Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | |||||
| CVE-2022-4264 | 1 M-files | 1 M-files | 2024-11-21 | N/A | 6.5 MEDIUM |
| Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. | |||||
| CVE-2022-4173 | 1 Avast | 2 Avast, Avg Antivirus | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | |||||
| CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 5.9 MEDIUM |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | |||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.8 HIGH |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | |||||
| CVE-2022-46334 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 7.8 HIGH |
| Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. | |||||