Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38734 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2023-08-26 | N/A | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | |||||
| CVE-2014-3534 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-25 | 7.2 HIGH | N/A |
| arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. | |||||
| CVE-2023-3160 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2023-08-21 | N/A | 7.8 HIGH |
| The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | |||||
| CVE-2023-27558 | 2 Ibm, Microsoft | 2 Db2, Windows | 2023-08-18 | N/A | 7.8 HIGH |
| IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194. | |||||
| CVE-2021-28411 | 1 Ruoyi | 1 Ruoyi | 2023-08-18 | N/A | 9.8 CRITICAL |
| An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | |||||
| CVE-2023-37859 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | |||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2023-08-08 | N/A | 8.8 HIGH |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | |||||
| CVE-2022-34006 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | |||||
| CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | |||||
| CVE-2022-29587 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2023-08-08 | 4.7 MEDIUM | 4.0 MEDIUM |
| Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. | |||||
| CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | |||||
| CVE-2022-47505 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.8 HIGH |
| The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | |||||
| CVE-2023-37907 | 1 Cryptomator | 1 Cryptomator | 2023-08-03 | N/A | 7.8 HIGH |
| Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | |||||
| CVE-2021-31168 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31169 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-41339 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-01 | 4.6 MEDIUM | 4.7 MEDIUM |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2021-40443 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-40466 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-40477 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-41348 | 1 Microsoft | 1 Exchange Server | 2023-08-01 | 5.2 MEDIUM | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||