Total
2486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5650 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | 5.5 Medium |
| An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. | ||||
| CVE-2023-5622 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | 7.1 High |
| Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. | ||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | ||||
| CVE-2023-5214 | 1 Puppet | 1 Bolt | 2024-11-21 | 6.5 Medium |
| In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | ||||
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2023-52107 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-52093 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-51483 | 1 Glowlogix | 1 Wp Frontend Profile | 2024-11-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1. | ||||
| CVE-2023-51481 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. | ||||
| CVE-2023-51476 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2024-11-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0. | ||||
| CVE-2023-51433 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | 2.9 Low |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | ||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-11-21 | 6 Medium |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | ||||
| CVE-2023-51424 | 2024-11-21 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0. | ||||
| CVE-2023-51386 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-11-21 | 7.8 High |
| Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | ||||
| CVE-2023-50890 | 2024-11-21 | 8.8 High | ||
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. | ||||
| CVE-2023-50700 | 2024-11-21 | 7.8 High | ||
| Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. | ||||
| CVE-2023-50267 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 4.3 Medium |
| MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds. | ||||
| CVE-2023-4834 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | 4.3 Medium |
| In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. | ||||
| CVE-2023-4697 | 1 Usememos | 1 Memos | 2024-11-21 | 8.8 High |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | ||||