Total
2355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4697 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-11-21 | N/A | 7.5 HIGH |
| An authenticated XCC user can change permissions for any user through a crafted API command. | |||||
| CVE-2023-4404 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | |||||
| CVE-2023-49232 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. | |||||
| CVE-2023-48757 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4. | |||||
| CVE-2023-48406 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-47782 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | |||||
| CVE-2023-47715 | 1 Ibm | 1 Storage Protect Plus | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. | |||||
| CVE-2023-47683 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. | |||||
| CVE-2023-47682 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5. | |||||
| CVE-2023-47201 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | |||||
| CVE-2023-47101 | 1 Securepoint | 1 Openvpn-client | 2024-11-21 | N/A | 7.8 HIGH |
| The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | |||||
| CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | |||||
| CVE-2023-46647 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 8.0 HIGH |
| Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | |||||
| CVE-2023-46277 | 1 Edneville | 1 Please | 2024-11-21 | N/A | 7.8 HIGH |
| please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | |||||
| CVE-2023-45883 | 2 Enghouse, Microsoft | 2 Qumu, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. | |||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. | |||||
| CVE-2023-45083 | 1 Softiron | 1 Hypercloud | 2024-11-21 | N/A | 4.2 MEDIUM |
| An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. | |||||
| CVE-2023-44809 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. | |||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | |||||