Page 136 of 3512 results (0.101 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-47637 – SQL Injection in Admin Grid Filter API in Pimcore

https://notcve.org/view.php?id=CVE-2023-47637

Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. • https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311 https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0 https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0

CVE-2023-33873 – AVEVA Operations Control Logger Execution with Unnecessary Privileges

https://notcve.org/view.php?id=CVE-2023-33873

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-250: Execution with Unnecessary Privileges

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-5528 – Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

https://notcve.org/view.php?id=CVE-2023-5528

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. ... A flaw was found in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. • https://github.com/kubernetes/kubernetes/issues/121879 https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4 https://security.netapp.com/advisory/ntap-20240119 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-26205

https://notcve.org/view.php?id=CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. • https://fortiguard.com/psirt/FG-IR-22-292 • CWE-284: Improper Access Control •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-45794

https://notcve.org/view.php?id=CVE-2023-45794

A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •