Total: 1727 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44217 | 1 Sonicwall | 1 Netextender | 2023-10-04 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | |||||
| CVE-2014-3534 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-10-03 | 7.2 HIGH | N/A |
| arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. | |||||
| CVE-2023-43663 | 1 Prestashop | 1 Prestashop | 2023-10-03 | N/A | 4.3 MEDIUM |
| PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even with low user rights. This allows low-privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-43664 | 1 Prestashop | 1 Prestashop | 2023-10-03 | N/A | 4.3 MEDIUM |
| PrestaShop is an Open Source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: the method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c`, which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-33972 | 1 Scylladb | 1 Scylladb | 2023-10-02 | N/A | 8.8 HIGH |
| Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users. | |||||
| CVE-2023-40375 | 1 Ibm | 1 I | 2023-09-29 | N/A | 7.8 HIGH |
| Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | |||||
| CVE-2023-34043 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2023-09-29 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH |
| GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41324 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH |
| GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An API user that has read access on the users resource can steal the accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41326 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH |
| GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41309 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-28 | N/A | 7.5 HIGH |
| Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-41312 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-28 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | |||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | |||||
| CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-09-21 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | |||||
| CVE-2023-36657 | 1 Opswat | 1 Metadefender Kiosk | 2023-09-19 | N/A | 9.8 CRITICAL |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. | |||||
| CVE-2023-41053 | 1 Redis | 1 Redis | 2023-09-16 | N/A | 3.3 LOW |
| Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40918 | 1 Knowstreaming Project | 1 Knowstreaming | 2023-09-08 | N/A | 8.8 HIGH |
| KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role. | |||||
| CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-09-07 | N/A | 7.8 HIGH |
| Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. | |||||
| CVE-2022-45451 | 1 Acronis | 3 Agent, Cyber Protect, Cyber Protect Home Office | 2023-09-06 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2023-09-06 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | |||||
