Export limit exceeded: 352830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21376 | 1 Google | 1 Android | 2025-03-06 | 5.5 Medium |
| In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-26475 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. | ||||
| CVE-2023-2679 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2025-03-05 | 4.1 Medium |
| Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | ||||
| CVE-2023-30630 | 2 Nongnu, Redhat | 2 Dmidecode, Enterprise Linux | 2025-03-04 | 7.1 High |
| Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly). | ||||
| CVE-2022-48365 | 1 Ibexa | 3 Digital Experience Platform, Ez Platform, Ez Platform Kernel | 2025-03-04 | 7.2 High |
| An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. | ||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | 7.3 High |
| Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. | ||||
| CVE-2022-41032 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-02-28 | 7.8 High |
| NuGet Client Elevation of Privilege Vulnerability | ||||
| CVE-2023-38187 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2023-28261 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 5.7 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2021-31937 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 8.2 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2023-32713 | 1 Splunk | 1 Splunk App For Stream | 2025-02-28 | 7.8 High |
| In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | ||||
| CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2025-02-27 | 9.8 Critical |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | ||||
| CVE-2023-3676 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-02-27 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-28339 | 1 Opendoas Project | 1 Opendoas | 2025-02-27 | 8.8 High |
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later. | ||||
| CVE-2023-25590 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2025-02-27 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | ||||
| CVE-2023-21458 | 1 Samsung | 1 Android | 2025-02-26 | 6.2 Medium |
| Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. | ||||
| CVE-2023-24760 | 1 Ofcms Project | 1 Ofcms | 2025-02-26 | 8.8 High |
| An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController. | ||||
| CVE-2023-27094 | 1 Opengoofy | 1 Hippo4j | 2025-02-26 | 8.8 High |
| An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. | ||||
| CVE-2022-43863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-02-25 | 6.7 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | ||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | 7.1 High |
| An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | ||||