Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41334 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-01 | 4.6 MEDIUM | 7.0 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-40489 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-26441 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-40470 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-41347 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-40488 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-40467 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-41335 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-40478 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-01 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-40464 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2023-08-01 | 5.2 MEDIUM | 8.0 HIGH |
| Windows Nearby Sharing Elevation of Privilege Vulnerability | |||||
| CVE-2021-31969 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-29256 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046. | |||||
| CVE-2023-3514 | 1 Razer | 1 Razer Central | 2023-07-27 | N/A | 7.8 HIGH |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | |||||
| CVE-2023-3513 | 1 Razer | 1 Razer Central | 2023-07-27 | N/A | 7.8 HIGH |
| Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. | |||||
| CVE-2022-38065 | 1 Redhat | 1 Openstack | 2023-07-21 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. | |||||
| CVE-2022-46334 | 1 Proofpoint | 1 Enterprise Protection | 2023-07-11 | N/A | 7.8 HIGH |
| Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. | |||||
| CVE-2023-25521 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2023-07-10 | N/A | 7.8 HIGH |
| NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2023-2847 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Server Security | 2023-07-05 | N/A | 7.8 HIGH |
| During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | |||||
| CVE-2023-26062 | 1 Nokia | 1 Web Element Manager | 2023-06-30 | N/A | 7.8 HIGH |
| A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network. | |||||
| CVE-2023-34465 | 1 Xwiki | 1 Xwiki | 2023-06-30 | N/A | 8.1 HIGH |
| XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). | |||||