Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
| CVE-2023-52107 | 1 Huawei | 2 Emui, Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
| Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-21638 | 1 Microsoft | 1 Azure Ipam | 2024-01-19 | N/A | 9.8 CRITICAL |
| Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0. | |||||
| CVE-2014-4943 | 5 Debian, Linux, Opensuse and 2 more | 6 Debian Linux, Linux Kernel, Opensuse and 3 more | 2024-01-19 | 6.9 MEDIUM | N/A |
| The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | |||||
| CVE-2020-1488 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-01-19 | 4.6 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. | |||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-01-18 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-6998 | 1 Coolkit | 1 Ewelink | 2024-01-11 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. | |||||
| CVE-2023-30617 | 1 Openkruise | 1 Kruise | 2024-01-11 | N/A | 6.5 MEDIUM |
| Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | |||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2024-01-10 | N/A | 7.8 HIGH |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | |||||
| CVE-2024-21622 | 1 Craftcms | 1 Craft Cms | 2024-01-10 | N/A | 8.8 HIGH |
| Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. | |||||
| CVE-2023-41776 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-01-09 | N/A | 7.8 HIGH |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | |||||
| CVE-2023-48419 | 1 Google | 8 Home, Home Firmware, Home Mini and 5 more | 2024-01-09 | N/A | 9.8 CRITICAL |
| An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege | |||||
| CVE-2023-50422 | 1 Sap | 1 Cloud-security-services-integration-library | 2024-01-09 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2023-49583 | 1 Sap | 1 \@sap\/xssec | 2024-01-09 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2023-7080 | 1 Cloudflare | 1 Wrangler | 2024-01-05 | N/A | 8.0 HIGH |
| The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | |||||
| CVE-2023-51433 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51435 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 7.1 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51430 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||