Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3027 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2024-11-21 | N/A | 7.8 HIGH |
| The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. | |||||
| CVE-2023-39740 | 1 Linecorp | 1 Onigiriya-musubee | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39734 | 1 Linecorp | 1 Trackdiner10\/10 Mc | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39733 | 1 Linecorp | 1 Tonton-tei | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39732 | 1 Linecorp | 1 Tokueimaru Waiting | 2024-11-21 | N/A | 8.2 HIGH |
| The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
| CVE-2023-39520 | 1 Cryptomator | 1 Cryptomator | 2024-11-21 | N/A | 5.5 MEDIUM |
| Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround. | |||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | N/A | 7.5 HIGH |
| SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | |||||
| CVE-2023-39335 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
| A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources. | |||||
| CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2024-11-21 | N/A | 8.8 HIGH |
| Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
| CVE-2023-38944 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header. | |||||
| CVE-2023-38817 | 1 Echo | 1 Anti Cheat Tool | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself." | |||||
| CVE-2023-38734 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2024-11-21 | N/A | 6.6 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | |||||
| CVE-2023-38292 | 2024-11-21 | N/A | 8.7 HIGH | ||
| Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. | |||||
| CVE-2023-38280 | 1 Ibm | 1 Hardware Management Console | 2024-11-21 | N/A | 8.4 HIGH |
| IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. | |||||
| CVE-2023-37999 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. | |||||
| CVE-2023-37925 | 1 Zyxel | 58 Atp100, Atp100w, Atp200 and 55 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. | |||||
| CVE-2023-37907 | 1 Cryptomator | 1 Cryptomator | 2024-11-21 | N/A | 7.0 HIGH |
| Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | |||||
| CVE-2023-37866 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8. | |||||
| CVE-2023-37859 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | |||||
| CVE-2023-37389 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98. | |||||