Export limit exceeded: 343535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9056 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31062 | 1 Apache | 1 Inlong | 2024-11-21 | 9.8 Critical |
| Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | ||||
| CVE-2023-30989 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. | ||||
| CVE-2023-30988 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. | ||||
| CVE-2023-30713 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | ||||
| CVE-2023-30691 | 1 Samsung | 2 Android, Samsung Mobile Devices | 2024-11-21 | 8.4 High |
| Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. | ||||
| CVE-2023-30680 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-11-21 | 8.4 High |
| Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | ||||
| CVE-2023-30642 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | ||||
| CVE-2023-30601 | 1 Apache | 1 Cassandra | 2024-11-21 | 7.8 High |
| Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. | ||||
| CVE-2023-2816 | 1 Hashicorp | 1 Consul | 2024-11-21 | 8.7 High |
| Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | ||||
| CVE-2023-2790 | 1 Totolink | 2 N200re, N200re Firmware | 2024-11-21 | 2.3 Low |
| A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2255 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | ||||
| CVE-2023-29166 | 1 Apple | 1 Pro Video Formats | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. | ||||
| CVE-2023-28896 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-11-21 | 3.3 Low |
| Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | ||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 8.8 High |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28049 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | 4.7 Medium |
| Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. | ||||
| CVE-2023-27795 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | ||||
| CVE-2023-27793 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. | ||||
| CVE-2023-26236 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-11-21 | 7.8 High |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | ||||
| CVE-2023-25647 | 1 Zte | 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more | 2024-11-21 | 4.7 Medium |
| There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. | ||||
| CVE-2023-25535 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 7.2 High |
| Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | ||||