Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-12-29 CVE-2023-23428 Improper Privilege Management vulnerability in Hihonor Magic OS
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
network
low complexity
hihonor CWE-269
7.5
2023-12-29 CVE-2023-23429 Improper Privilege Management vulnerability in Hihonor Magic OS
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
network
low complexity
hihonor CWE-269
7.5
2023-12-29 CVE-2023-23430 Improper Privilege Management vulnerability in Hihonor Magichome
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
network
low complexity
hihonor CWE-269
7.5
2023-12-29 CVE-2023-23438 Improper Privilege Management vulnerability in Hihonor Lge-An00 Firmware
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions
local
low complexity
hihonor CWE-269
5.5
2023-12-23 CVE-2023-7090 Improper Privilege Management vulnerability in Sudo Project Sudo
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo.
network
low complexity
sudo-project CWE-269
8.8
2023-12-22 CVE-2023-51386 Improper Privilege Management vulnerability in Amazon Awslabs Sandbox Accounts for Events
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI.
local
low complexity
amazon CWE-269
3.3
2023-12-21 CVE-2023-46647 Improper Privilege Management vulnerability in Github Enterprise Server
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
network
low complexity
github CWE-269
8.8
2023-12-21 CVE-2023-6804 Improper Privilege Management vulnerability in Github Enterprise Server
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT.
local
low complexity
github CWE-269
5.5
2023-12-19 CVE-2023-47267 Improper Privilege Management vulnerability in Thegreenbow products
An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.
network
low complexity
thegreenbow CWE-269
critical
9.8
2023-12-17 CVE-2023-3907 Improper Privilege Management vulnerability in Gitlab
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner
network
low complexity
gitlab CWE-269
8.8