Total
2071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43663 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.3 MEDIUM |
| PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2023-43506 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | |||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | |||||
| CVE-2023-43120 | 1 Extremenetworks | 1 Exos | 2024-11-21 | N/A | 8.8 HIGH |
| An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. | |||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | |||||
| CVE-2023-42468 | 1 Azmobileapps | 1 Color Phone | 2024-11-21 | N/A | 5.3 MEDIUM |
| The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call. | |||||
| CVE-2023-41966 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter. | |||||
| CVE-2023-41955 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8. | |||||
| CVE-2023-41954 | 2024-11-21 | N/A | 8.6 HIGH | ||
| Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. | |||||
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2024-11-21 | N/A | 6.6 MEDIUM |
| Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | |||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | |||||
| CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-41138 | 1 Appsanywhere | 1 Appsanywhere Client | 2024-11-21 | N/A | 7.5 HIGH |
| The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. | |||||
| CVE-2023-41099 | 2024-11-21 | N/A | 7.8 HIGH | ||
| In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM). | |||||
| CVE-2023-41053 | 1 Redis | 1 Redis | 2024-11-21 | N/A | 3.3 LOW |
| Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40918 | 1 Knowstreaming Project | 1 Knowstreaming | 2024-11-21 | N/A | 8.8 HIGH |
| KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role. | |||||
| CVE-2023-40686 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.9 MEDIUM |
| Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | |||||
| CVE-2023-40685 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
| Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. | |||||
| CVE-2023-40375 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.4 HIGH |
| Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | |||||