Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34621 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2023-05-26 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-1694 | 1 Huawei | 2 Emui, Harmonyos | 2023-05-26 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-45452 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-05-26 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2023-2679 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-05-25 | N/A | 4.3 MEDIUM |
| Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | |||||
| CVE-2019-17202 | 1 Fasttracksoftware | 1 Admin By Request | 2023-05-25 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. | |||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2023-05-24 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | |||||
| CVE-2020-3265 | 1 Cisco | 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more | 2023-05-23 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | |||||
| CVE-2023-25834 | 1 Esri | 1 Portal For Arcgis | 2023-05-22 | N/A | 5.4 MEDIUM |
| Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | |||||
| CVE-2020-23362 | 1 Yershop Project | 1 Yershop | 2023-05-16 | N/A | 7.1 HIGH |
| Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | |||||
| CVE-2023-30024 | 1 Magicjack | 2 A921, A921 Firmware | 2023-05-12 | N/A | 6.6 MEDIUM |
| The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4. | |||||
| CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2023-05-12 | N/A | 5.5 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | |||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2023-05-10 | N/A | 5.4 MEDIUM |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2023-05-10 | N/A | 9.9 CRITICAL |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | |||||
| CVE-2023-1966 | 1 Illumina | 22 Iscan, Iscan Firmware, Iseq 100 and 19 more | 2023-05-09 | N/A | 9.8 CRITICAL |
| Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. | |||||
| CVE-2022-3405 | 3 Acronis, Linux, Microsoft | 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more | 2023-05-09 | N/A | 8.8 HIGH |
| Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | |||||
| CVE-2023-29056 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2023-05-08 | N/A | 5.9 MEDIUM |
| A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | |||||
| CVE-2023-26245 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2023-05-08 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | |||||
| CVE-2023-26246 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2023-05-08 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | |||||
| CVE-2023-26244 | 1 Hyundai | 2 Gen5w L In-vehicle Infotainment System, Gen5w L In-vehicle Infotainment System Firmware | 2023-05-08 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | |||||