Total
1965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-08-02 | 9.8 Critical |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | ||||
| CVE-2023-4976 | 2024-08-02 | N/A | ||
| A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. | ||||
| CVE-2023-4697 | 1 Usememos | 1 Memos | 2024-08-02 | 8.8 High |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | ||||
| CVE-2023-4662 | 1 Saphira | 1 Connect | 2024-08-02 | 9.8 Critical |
| Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-08-02 | 7.5 High |
| An authenticated XCC user can change permissions for any user through a crafted API command. | ||||
| CVE-2023-4404 | 1 Wpcharitable | 1 Charitable | 2024-08-02 | 9.8 Critical |
| The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | ||||
| CVE-2023-4009 | 1 Mongodb | 1 Ops Manager Server | 2024-08-02 | 7.2 High |
| In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | ||||
| CVE-2023-3955 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2024-08-02 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-3893 | 1 Kubernetes | 1 Csi Proxy | 2024-08-02 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | ||||
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2024-08-02 | 8.7 High |
| An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | ||||
| CVE-2023-3676 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2024-08-02 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-3513 | 1 Razer | 1 Razer Central | 2024-08-02 | 7.8 High |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. | ||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-08-02 | 8 High |
| Privilege Escalation to root administrator (nsroot) | ||||
| CVE-2023-3514 | 1 Razer | 1 Razer Central | 2024-08-02 | 7.8 High |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | ||||
| CVE-2023-3379 | 1 Wago | 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more | 2024-08-02 | 5.3 Medium |
| Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. | ||||
| CVE-2023-3160 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2024-08-02 | 7.8 High |
| The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | ||||
| CVE-2023-3027 | 1 Redhat | 2 Acm, Advanced Cluster Management For Kubernetes | 2024-08-02 | 7.8 High |
| The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. | ||||
| CVE-2023-2847 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Server Security | 2024-08-02 | 7.8 High |
| During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | ||||
| CVE-2023-2833 | 1 Wpdeveloper | 1 Reviewx | 2024-08-02 | 8.8 High |
| The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. | ||||
| CVE-2023-2679 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-08-02 | 4.1 Medium |
| Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | ||||