Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23427 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23428 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23430 | 1 Hihonor | 1 Magichome | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23438 | 1 Hihonor | 2 Lge-an00, Lge-an00 Firmware | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions | |||||
| CVE-2023-50267 | 1 Metersphere | 1 Metersphere | 2024-01-04 | N/A | 4.3 MEDIUM |
| MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds. | |||||
| CVE-2023-51386 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-01-04 | N/A | 3.3 LOW |
| Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | |||||
| CVE-2020-16875 | 1 Microsoft | 1 Exchange Server | 2023-12-31 | 9.0 HIGH | 8.4 HIGH |
| <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p> | |||||
| CVE-2020-16940 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 4.9 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing.</p> <p>The security update addresses the vulnerability by correcting how the Windows User Profile Service handles junction points.</p> | |||||
| CVE-2020-16902 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 7.2 HIGH | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.</p> | |||||
| CVE-2020-16993 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 4.6 MEDIUM | 5.4 MEDIUM |
| Azure Sphere Elevation of Privilege Vulnerability | |||||
| CVE-2021-24102 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-24096 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-24087 | 1 Azure-iot-cli-extension | 1 - | 2023-12-29 | 4.6 MEDIUM | 7.0 HIGH |
| Azure IoT CLI extension Elevation of Privilege Vulnerability | |||||
| CVE-2021-1727 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-1709 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.2 HIGH | 7.0 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-1706 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 9.0 HIGH | 7.3 HIGH |
| Windows LUAFV Elevation of Privilege Vulnerability | |||||
| CVE-2021-1704 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-29 | 7.2 HIGH | 7.3 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2021-1703 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 7.2 HIGH | 7.8 HIGH |
| Windows Event Logging Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-1702 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.2 HIGH | 7.8 HIGH |
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | |||||