Total
2355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41053 | 1 Redis | 1 Redis | 2024-11-21 | N/A | 3.3 LOW |
| Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41036 | 1 Macvim | 1 Macvim | 2024-11-21 | N/A | 7.8 HIGH |
| Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue. | |||||
| CVE-2023-40918 | 1 Knowstreaming Project | 1 Knowstreaming | 2024-11-21 | N/A | 8.8 HIGH |
| KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role. | |||||
| CVE-2023-40686 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.9 MEDIUM |
| Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | |||||
| CVE-2023-40685 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
| Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. | |||||
| CVE-2023-40375 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
| Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | |||||
| CVE-2023-40155 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-3514 | 1 Razer | 1 Razer Central | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | |||||
| CVE-2023-3513 | 1 Razer | 1 Razer Central | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. | |||||
| CVE-2023-3160 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | |||||
| CVE-2023-39740 | 1 Linecorp | 1 Onigiriya-musubee | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39734 | 1 Linecorp | 1 Trackdiner10\/10 Mc | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39733 | 1 Linecorp | 1 Tonton-tei | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39732 | 1 Linecorp | 1 Tokueimaru Waiting | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | N/A | 7.5 HIGH |
| SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | |||||
| CVE-2023-39335 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
| A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources. | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-11-21 | N/A | 8.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-38817 | 1 Echo | 1 Anti Cheat Tool | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself." | |||||
| CVE-2023-38734 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2024-11-21 | N/A | 6.6 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | |||||
| CVE-2023-38292 | 2024-11-21 | N/A | 8.7 HIGH | ||
| Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. | |||||