Total
2130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35676 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35671 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35667 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-34465 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). | |||||
| CVE-2023-34043 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2024-11-21 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2023-33327 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. | |||||
| CVE-2023-32713 | 1 Splunk | 1 Splunk App For Stream | 2024-11-21 | N/A | 7.8 HIGH |
| In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | |||||
| CVE-2023-32696 | 1 Okfn | 1 Ckan | 2024-11-21 | N/A | 8.8 HIGH |
| CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. | |||||
| CVE-2023-32457 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2023-32451 | 1 Dell | 1 Display Manager | 2024-11-21 | N/A | 7.3 HIGH |
| Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation | |||||
| CVE-2023-32426 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. | |||||
| CVE-2023-32244 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. | |||||
| CVE-2023-31469 | 1 Apache | 1 Streampipes | 2024-11-21 | N/A | 8.8 HIGH |
| A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0. | |||||
| CVE-2023-31273 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 10.0 CRITICAL |
| Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-31175 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | N/A | 8.8 HIGH |
| An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-31062 | 1 Apache | 1 Inlong | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | |||||
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | |||||
| CVE-2023-30713 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | |||||
| CVE-2023-30680 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.4 HIGH |
| Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | |||||
| CVE-2023-30642 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | |||||