Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45853 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2023-06-06 | N/A | 6.7 MEDIUM |
| The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH. | |||||
| CVE-2023-29734 | 1 Mwm | 1 Edjing Mix | 2023-06-06 | N/A | 9.8 CRITICAL |
| An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. | |||||
| CVE-2023-32696 | 1 Okfn | 1 Ckan | 2023-06-06 | N/A | 8.8 HIGH |
| CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. | |||||
| CVE-2023-30601 | 1 Apache | 1 Cassandra | 2023-06-05 | N/A | 7.8 HIGH |
| Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. | |||||
| CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2023-05-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | |||||
| CVE-2023-31062 | 1 Apache | 1 Inlong | 2023-05-27 | N/A | 9.8 CRITICAL |
| Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | |||||
| CVE-2021-34622 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34621 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2023-05-26 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-1694 | 1 Huawei | 2 Emui, Harmonyos | 2023-05-26 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-45452 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-05-26 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2023-2679 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-05-25 | N/A | 4.3 MEDIUM |
| Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | |||||
| CVE-2019-17202 | 1 Fasttracksoftware | 1 Admin By Request | 2023-05-25 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. | |||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2023-05-24 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | |||||
| CVE-2020-3265 | 1 Cisco | 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more | 2023-05-23 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | |||||
| CVE-2023-25834 | 1 Esri | 1 Portal For Arcgis | 2023-05-22 | N/A | 5.4 MEDIUM |
| Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | |||||
| CVE-2020-23362 | 1 Yershop Project | 1 Yershop | 2023-05-16 | N/A | 7.1 HIGH |
| Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | |||||
| CVE-2023-30024 | 1 Magicjack | 2 A921, A921 Firmware | 2023-05-12 | N/A | 6.6 MEDIUM |
| The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4. | |||||
| CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2023-05-12 | N/A | 5.5 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | |||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2023-05-10 | N/A | 5.4 MEDIUM |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||