Search Results (1868 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3955 3 Kubernetes, Microsoft, Redhat 4 Kubelet, Kubernetes, Windows and 1 more 2025-02-13 8.8 High
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
CVE-2023-31432 1 Broadcom 1 Brocade Fabric Operating System 2025-02-13 7.8 High
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
CVE-2023-27316 1 Netapp 1 Snapcenter 2025-02-13 8.8 High
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
CVE-2023-45145 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-02-13 3.6 Low
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
CVE-2023-41053 2 Redhat, Redis 2 Enterprise Linux, Redis 2025-02-13 3.3 Low
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-32426 1 Apple 1 Macos 2025-02-13 7.8 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.
CVE-2023-29256 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2025-02-13 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
CVE-2023-27558 2 Ibm, Microsoft 3 Db2, Db2 Windows, Windows 2025-02-13 8.4 High
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
CVE-2021-26697 1 Apache 1 Airflow 2025-02-13 5.3 Medium
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.
CVE-2018-16838 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-02-13 N/A
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
CVE-2018-1495 1 Ibm 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more 2025-02-13 N/A
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.
CVE-2023-20680 2 Google, Mediatek 22 Android, Mt6779, Mt6781 and 19 more 2025-02-12 6.7 Medium
In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.
CVE-2023-1762 1 Phpmyfaq 1 Phpmyfaq 2025-02-12 8.8 High
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-51546 1 Webtoffee 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels 2025-02-11 7.2 High
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
CVE-2024-11128 1 Bitdefender 1 Virus Scanner 2025-02-11 7.8 High
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
CVE-2023-0192 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more 2025-02-11 4.7 Medium
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.
CVE-2023-27645 1 Powerampapp 1 Poweramp 2025-02-10 9.8 Critical
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.
CVE-2023-28632 1 Glpi-project 1 Glpi 2025-02-10 8.1 High
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails.
CVE-2023-28855 1 Teclib-edition 1 Fields 2025-02-10 6.5 Medium
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
CVE-2023-27654 1 Whoapp 1 Who 2025-02-10 9.8 Critical
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.