Total: 1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6740 | 1 Tribe29 | 1 Checkmk | 2024-01-19 | N/A | 7.8 HIGH |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2020-1488 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-01-19 | 4.6 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. | |||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-01-18 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-6998 | 1 Coolkit | 1 Ewelink | 2024-01-11 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | |||||
| CVE-2023-30617 | 1 Openkruise | 1 Kruise | 2024-01-11 | N/A | 6.5 MEDIUM |
| Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. Users that do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | |||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2024-01-10 | N/A | 7.8 HIGH |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-21622 | 1 Craftcms | 1 Craft Cms | 2024-01-10 | N/A | 8.8 HIGH |
| Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. | |||||
| CVE-2023-41776 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-01-09 | N/A | 7.8 HIGH |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process and escalate local privileges. | |||||
| CVE-2023-48419 | 1 Google | 8 Home, Home Firmware, Home Mini and 5 more | 2024-01-09 | N/A | 9.8 CRITICAL |
| An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege | |||||
| CVE-2023-50422 | 1 Sap | 1 Cloud-security-services-integration-library | 2024-01-09 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2023-49583 | 1 Sap | 1 @sap/xssec | 2024-01-09 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2023-7080 | 1 Cloudflare | 1 Wrangler | 2024-01-05 | N/A | 8.0 HIGH |
| The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | |||||
| CVE-2023-51433 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51435 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 7.1 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51430 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-23427 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23428 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23430 | 1 Hihonor | 1 Magichome | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
