| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-32713 |
269 |
|
|
2023-06-01 |
2023-06-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. |
|
2 |
CVE-2023-32696 |
269 |
|
Exec Code |
2023-05-30 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
|
|
3 |
CVE-2023-31062 |
269 |
|
|
2023-05-22 |
2023-05-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login
request and following it with a subsequent HTTP request
using the returned cookie.
Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.
|
|
4 |
CVE-2023-30622 |
269 |
|
|
2023-04-24 |
2023-05-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue. |
|
5 |
CVE-2023-30601 |
269 |
|
|
2023-05-30 |
2023-06-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. |
|
6 |
CVE-2023-30024 |
269 |
|
|
2023-04-28 |
2023-05-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4. |
|
7 |
CVE-2023-29819 |
269 |
|
Bypass |
2023-05-12 |
2023-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. |
|
8 |
CVE-2023-29734 |
269 |
|
|
2023-05-30 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. |
|
9 |
CVE-2023-28855 |
269 |
|
|
2023-04-05 |
2023-04-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue. |
|
10 |
CVE-2023-28632 |
269 |
|
|
2023-04-05 |
2023-04-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails. |
|
11 |
CVE-2023-28436 |
269 |
|
|
2023-03-23 |
2023-03-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. A difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules. Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: the destination node was a FreeBSD device with Tailscale SSH enabled; Tailscale SSH access rules permitted access for non-root users; and a non-interactive SSH session was used. Affected users should upgrade to version 1.38.2 to remediate the issue. |
|
12 |
CVE-2023-27830 |
269 |
|
|
2023-04-12 |
2023-04-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. |
|
13 |
CVE-2023-26475 |
269 |
|
|
2023-03-02 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. |
|
14 |
CVE-2023-26246 |
269 |
|
Bypass |
2023-04-27 |
2023-05-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. |
|
15 |
CVE-2023-26245 |
269 |
|
Bypass |
2023-04-27 |
2023-05-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. |
|
16 |
CVE-2023-26244 |
269 |
|
Bypass |
2023-04-27 |
2023-05-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. |
|
17 |
CVE-2023-25834 |
269 |
|
|
2023-05-09 |
2023-05-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. |
|
18 |
CVE-2023-25590 |
269 |
|
Exec Code |
2023-03-22 |
2023-03-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. |
|
19 |
CVE-2023-25149 |
269 |
|
|
2023-02-14 |
2023-02-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. |
|
20 |
CVE-2023-25133 |
269 |
|
Exec Code |
2023-04-24 |
2023-05-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. |
|
21 |
CVE-2023-24760 |
269 |
|
|
2023-03-16 |
2023-03-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController. |
|
22 |
CVE-2023-24483 |
269 |
|
|
2023-02-16 |
2023-02-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. |
|
23 |
CVE-2023-22946 |
269 |
|
Exec Code |
2023-04-17 |
2023-04-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications.
Update to Apache Spark 3.4.0 or later, and ensure that
spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its
default of "false", and is not overridden by submitted applications.
|
|
24 |
CVE-2023-22809 |
269 |
|
|
2023-01-18 |
2023-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. |
|
25 |
CVE-2023-22651 |
269 |
|
|
2023-05-04 |
2023-05-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to
the misconfiguration of the Webhook. This component enforces validation
rules and security checks before resources are admitted into the
Kubernetes cluster.
The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
|
|
26 |
CVE-2023-22645 |
269 |
|
|
2023-04-19 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. |
|
27 |
CVE-2023-22331 |
269 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. |
|
28 |
CVE-2023-21777 |
269 |
|
|
2023-02-14 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability |
|
29 |
CVE-2023-21774 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Kernel Elevation of Privilege Vulnerability |
|
30 |
CVE-2023-21773 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Kernel Elevation of Privilege Vulnerability |
|
31 |
CVE-2023-21772 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Kernel Elevation of Privilege Vulnerability |
|
32 |
CVE-2023-21755 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Kernel Elevation of Privilege Vulnerability |
|
33 |
CVE-2023-21730 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
|
34 |
CVE-2023-21561 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
|
35 |
CVE-2023-21552 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows GDI Elevation of Privilege Vulnerability |
|
36 |
CVE-2023-21551 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
|
37 |
CVE-2023-21549 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows SMB Witness Service Elevation of Privilege Vulnerability |
|
38 |
CVE-2023-21531 |
269 |
|
|
2023-01-10 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Azure Service Fabric Container Elevation of Privilege Vulnerability |
|
39 |
CVE-2023-21458 |
269 |
|
|
2023-03-16 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. |
|
40 |
CVE-2023-21421 |
269 |
|
|
2023-02-09 |
2023-02-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. |
|
41 |
CVE-2023-20854 |
269 |
|
|
2023-02-03 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. |
|
42 |
CVE-2023-20655 |
269 |
|
Exec Code |
2023-04-06 |
2023-04-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. |
|
43 |
CVE-2023-2240 |
269 |
|
|
2023-04-22 |
2023-05-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. |
|
44 |
CVE-2023-1966 |
269 |
|
Exec Code |
2023-04-28 |
2023-05-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Instruments with Illumina Universal Copy Service v1.x and
v2.x contain an unnecessary privileges vulnerability. An unauthenticated
malicious actor could upload and execute code remotely at the operating system
level, which could allow an attacker to change settings, configurations,
software, or access sensitive data on the affected product.
|
|
45 |
CVE-2023-1762 |
269 |
|
|
2023-03-31 |
2023-04-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. |
|
46 |
CVE-2023-1694 |
269 |
|
|
2023-05-20 |
2023-05-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. |
|
47 |
CVE-2023-1693 |
269 |
|
|
2023-05-20 |
2023-05-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. |
|
48 |
CVE-2023-1548 |
269 |
|
DoS |
2023-04-18 |
2023-05-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to
perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) |
|
49 |
CVE-2023-1326 |
269 |
|
|
2023-04-13 |
2023-04-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. |
|
50 |
CVE-2023-0959 |
269 |
|
CSRF |
2023-04-05 |
2023-04-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. |
