Total
2130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39740 | 1 Linecorp | 1 Onigiriya-musubee | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39734 | 1 Linecorp | 1 Trackdiner10\/10 Mc | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39733 | 1 Linecorp | 1 Tonton-tei | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39732 | 1 Linecorp | 1 Tokueimaru Waiting | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | N/A | 7.5 HIGH |
| SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | |||||
| CVE-2023-39335 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
| A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources. | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-11-21 | N/A | 8.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-38817 | 1 Echo | 1 Anti Cheat Tool | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself." | |||||
| CVE-2023-38734 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2024-11-21 | N/A | 6.6 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | |||||
| CVE-2023-38292 | 2024-11-21 | N/A | 8.7 HIGH | ||
| Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. | |||||
| CVE-2023-38280 | 1 Ibm | 1 Hardware Management Console | 2024-11-21 | N/A | 8.4 HIGH |
| IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. | |||||
| CVE-2023-37925 | 1 Zyxel | 58 Atp100, Atp100w, Atp200 and 55 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. | |||||
| CVE-2023-37907 | 1 Cryptomator | 1 Cryptomator | 2024-11-21 | N/A | 7.0 HIGH |
| Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | |||||
| CVE-2023-37866 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8. | |||||
| CVE-2023-37859 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | |||||
| CVE-2023-37389 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98. | |||||
| CVE-2023-36721 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.0 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-36657 | 1 Opswat | 1 Metadefender Kiosk | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. | |||||
| CVE-2023-36628 | 1 Purestorage | 1 Purity\/\/fa | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | |||||
| CVE-2023-36100 | 1 Macwk | 1 Icecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. | |||||