Total
1965 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2485 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.4 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | ||||
CVE-2023-2240 | 1 Microweber | 1 Microweber | 2024-08-02 | 8.8 High |
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | ||||
CVE-2023-1966 | 1 Illumina | 22 Iscan, Iscan Firmware, Iseq 100 and 19 more | 2024-08-02 | 7.4 High |
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. | ||||
CVE-2023-1762 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.8 High |
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
CVE-2023-1694 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-08-02 | 5.5 Medium |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | ||||
CVE-2023-1326 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-08-02 | 7.7 High |
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | ||||
CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 9.6 Critical |
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | ||||
CVE-2023-0959 | 1 Imaworldhealth | 1 Bhima | 2024-08-02 | 6.5 Medium |
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. | ||||
CVE-2023-0872 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 8.2 High |
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | ||||
CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2024-08-02 | 7.8 High |
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | ||||
CVE-2023-0242 | 1 Rapid7 | 1 Velociraptor | 2024-08-02 | 8.8 High |
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" role) to overwrite files on the server, including Velociraptor configuration files. To exploit this vulnerability, the attacker must already have a Velociraptor user account at a low privilege level (at least "analyst") and be able to log into the GUI and create a notebook where they can run the VQL query invoking the copy() VQL function. Typically, most users deploy Velociraptor with limited access to a trusted group (most users will be administrators within the GUI). This vulnerability is associated with program files https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go and program routines copy(). This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue. | ||||
CVE-2023-0221 | 1 Mcafee | 1 Application And Change Control | 2024-08-02 | 4.4 Medium |
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | ||||
CVE-2023-0192 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-08-02 | 4.7 Medium |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | ||||
CVE-2023-0101 | 1 Tenable | 1 Nessus | 2024-08-02 | 8.8 High |
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. | ||||
CVE-2024-42050 | 2024-08-02 | 7 High | ||
The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. | ||||
CVE-2024-40802 | 1 Apple | 1 Macos | 2024-08-02 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
CVE-2024-40781 | 2024-08-02 | 8.4 High | ||
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
CVE-2024-39302 | 2024-08-02 | 3.7 Low | ||
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. |