Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-20235 Improper Privilege Management vulnerability in Cisco IOS XE
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode.
network
low complexity
cisco CWE-269
8.8
2023-09-28 CVE-2023-40375 Improper Privilege Management vulnerability in IBM i
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm CWE-269
7.8
2023-09-27 CVE-2023-34043 Improper Privilege Management vulnerability in VMware Aria Operations and Cloud Foundation
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
local
low complexity
vmware CWE-269
6.7
2023-09-27 CVE-2023-39375 Improper Privilege Management vulnerability in SiberianCMS
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
network
low complexity
siberiancms CWE-269
critical
9.8
2023-09-15 CVE-2023-36657 Improper Privilege Management vulnerability in OPSWAT MetaDefender KIOSK
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
network
low complexity
opswat CWE-269
critical
9.8
2023-09-07 CVE-2023-20193 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root.
local
low complexity
cisco CWE-269
6.7
2023-09-07 CVE-2023-20194 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-269
4.9
2023-09-06 CVE-2020-10129 Improper Privilege Management vulnerability in SearchBlox
SearchBlox before version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access Admin functionality.
network
low complexity
searchblox CWE-269
8.8
2023-09-06 CVE-2023-30713 Improper Privilege Management vulnerability in Samsung Android 11.0/12.0
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
local
low complexity
samsung CWE-269
5.5
2023-09-05 CVE-2023-40918 Improper Privilege Management vulnerability in KnowStreaming Project KnowStreaming 3.3.0
KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges.
network
low complexity
knowstreaming-project CWE-269
8.8