Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44105 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 9.8 CRITICAL |
| Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-4697 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 8.8 HIGH |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-36657 | 1 Opswat | 1 Metadefender Kiosk | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. | |||||
| CVE-2023-20235 | 1 Cisco | 20 Catalyst Ie3200 Rugged Switch, Catalyst Ie3300 Rugged Switch, Catalyst Ie3400 Rugged Switch and 17 more | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | |||||
| CVE-2023-40686 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
| Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | |||||
| CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 7.8 HIGH |
| Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2023-4834 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-02-28 | N/A | 4.3 MEDIUM |
| In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. | |||||
| CVE-2023-30713 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | |||||
| CVE-2023-4404 | 1 Wpcharitable | 1 Charitable | 2024-02-28 | N/A | 9.8 CRITICAL |
| The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | |||||
| CVE-2023-5214 | 1 Puppet | 1 Bolt | 2024-02-28 | N/A | 9.8 CRITICAL |
| In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | |||||
| CVE-2023-5622 | 1 Tenable | 1 Nessus Network Monitor | 2024-02-28 | N/A | 8.8 HIGH |
| Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. | |||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-02-28 | N/A | 8.8 HIGH |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | |||||
| CVE-2023-20266 | 1 Cisco | 3 Emergency Responder, Unified Communications Manager, Unity Connection | 2024-02-28 | N/A | 7.2 HIGH |
| A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device. | |||||
| CVE-2023-34043 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2024-02-28 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2023-34057 | 2 Apple, Vmware | 2 Macos, Tools | 2024-02-28 | N/A | 7.8 HIGH |
| VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. | |||||
| CVE-2023-20194 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 4.9 MEDIUM |
| A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. | |||||
| CVE-2023-4009 | 1 Mongodb | 1 Ops Manager Server | 2024-02-28 | N/A | 7.2 HIGH |
| In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | |||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | |||||
| CVE-2023-44219 | 2 Microsoft, Sonicwall | 2 Windows, Directory Services Connector | 2024-02-28 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | |||||
| CVE-2023-37859 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-02-28 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | |||||