Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-269
Total 1509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-21755 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2023-01-18 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.
CVE-2021-4200 1 Suse 1 Rancher 2023-01-18 5.5 MEDIUM 5.4 MEDIUM
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
CVE-2023-21730 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2023-01-17 N/A 7.8 HIGH
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21561.
CVE-2014-9322 6 Canonical, Google, Linux and 3 more 6 Ubuntu Linux, Android, Linux Kernel and 3 more 2023-01-17 7.2 HIGH 7.8 HIGH
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
CVE-2019-13272 6 Canonical, Debian, Fedoraproject and 3 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2023-01-17 7.2 HIGH 7.8 HIGH
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVE-2023-21551 1 Microsoft 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more 2023-01-17 N/A 7.8 HIGH
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21561, CVE-2023-21730.
CVE-2023-21531 1 Microsoft 1 Azure Service Fabric 2023-01-17 N/A 7.0 HIGH
Azure Service Fabric Container Elevation of Privilege Vulnerability.
CVE-2023-21552 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2023-01-17 N/A 7.8 HIGH
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21532.
CVE-2023-21549 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more 2023-01-17 N/A 8.8 HIGH
Windows SMB Witness Service Elevation of Privilege Vulnerability.
CVE-2023-21561 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2023-01-17 N/A 8.8 HIGH
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21730.
CVE-2023-21542 1 Microsoft 9 Windows 10 1607, Windows 7, Windows 8.1 and 6 more 2023-01-15 N/A 7.0 HIGH
Windows Installer Elevation of Privilege Vulnerability.
CVE-2022-36443 1 Zebra 1 Enterprise Home Screen 2023-01-13 N/A 7.8 HIGH
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.
CVE-2022-0668 1 Jfrog 1 Artifactory 2023-01-12 N/A 9.8 CRITICAL
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
CVE-2019-17202 1 Fasttracksoftware 1 Admin By Request 2023-01-12 7.2 HIGH 7.8 HIGH
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.
CVE-2021-41073 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2023-01-11 7.2 HIGH 7.8 HIGH
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2022-46172 1 Goauthentik 1 Authentik 2023-01-06 N/A 6.4 MEDIUM
authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4.
CVE-2022-4808 1 Usememos 1 Memos 2023-01-05 N/A 8.8 HIGH
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-37706 1 Enlightenment 1 Enlightenment 2023-01-04 N/A 7.8 HIGH
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVE-2022-38757 1 Microfocus 1 Zenworks 2023-01-04 N/A 7.2 HIGH
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
CVE-2022-46334 1 Proofpoint 1 Enterprise Protection 2023-01-03 N/A 7.8 HIGH
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.