Total: 1799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-43664 | 1 Prestashop | 1 Prestashop | 2023-10-03 | N/A | 4.3 MEDIUM | PrestaShop is an open-source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: the method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c`, which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. |
CVE-2023-33972 | 1 Scylladb | 1 Scylladb | 2023-10-02 | N/A | 8.8 HIGH | ScyllaDB is a NoSQL data store using the Seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace and create new tables on behalf of other users. |
CVE-2023-40375 | 1 Ibm | 1 I | 2023-09-29 | N/A | 7.8 HIGH | Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. |
CVE-2023-34043 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2023-09-29 | N/A | 6.7 MEDIUM | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. |
CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
CVE-2023-41324 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An API user that has read access on the users resource can steal the accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
CVE-2023-41326 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 8.8 HIGH | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field, and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
CVE-2023-41309 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-28 | N/A | 7.5 HIGH | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. |
CVE-2023-41312 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-28 | N/A | 5.3 MEDIUM | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. |
CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2023-09-27 | N/A | 9.8 CRITICAL | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges |
CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-09-21 | N/A | 6.5 MEDIUM | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when the CREATE OR REPLACE command is used. IBM X-Force ID: 225979. |
CVE-2023-36657 | 1 Opswat | 1 Metadefender Kiosk | 2023-09-19 | N/A | 9.8 CRITICAL | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, Narrator) can be abused for privilege escalation. |
CVE-2023-41053 | 1 Redis | 1 Redis | 2023-09-16 | N/A | 3.3 LOW | Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-40918 | 1 Knowstreaming Project | 1 Knowstreaming | 2023-09-08 | N/A | 8.8 HIGH | KnowStreaming 3.3.0 is vulnerable to escalation of privileges. Unauthorized users can create a new user with an admin role. |
CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-09-07 | N/A | 7.8 HIGH | Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. |
CVE-2022-45451 | 1 Acronis | 3 Agent, Cyber Protect, Cyber Protect Home Office | 2023-09-06 | N/A | 7.8 HIGH | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984. |
CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2023-09-06 | N/A | 7.8 HIGH | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. |
CVE-2023-31175 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2023-09-05 | N/A | 9.8 CRITICAL | An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level of privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. |
CVE-2023-32457 | 1 Dell | 1 Powerscale Onefs | 2023-09-01 | N/A | 8.8 HIGH | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. |
CVE-2023-4697 | 1 Usememos | 1 Memos | 2023-09-01 | N/A | 8.8 HIGH | Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. |