Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-27558 | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. | 7.8 |
| 2023-07-10 | CVE-2023-29256 | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. | 6.5 |
| 2023-07-06 | CVE-2023-30642 | Improper Privilege Management vulnerability in Samsung Android 12.0/13.0 Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | 5.5 |
| 2023-07-04 | CVE-2023-25521 | Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. | 7.8 |
| 2023-06-28 | CVE-2023-20136 | Improper Privilege Management vulnerability in Cisco Secure Workload A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. | 6.5 |
| 2023-06-26 | CVE-2023-34146 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | 7.8 |
| 2023-06-26 | CVE-2023-34147 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | 7.8 |
| 2023-06-26 | CVE-2023-34148 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | 7.8 |
| 2023-06-23 | CVE-2023-34465 | Improper Privilege Management vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.1 |
| 2023-06-23 | CVE-2023-31469 | Improper Privilege Management vulnerability in Apache Streampipes A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. | 8.8 |