CVE-2023-2993

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

Related Vulnerabilities

CVE-2021-41089

MEDIUM
CVSS:6.3(Medium)

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted ...

CWE-2812021

CVE-2021-41091

MEDIUM
CVSS:6.3(Medium)

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirect...

CWE-2812021

CVE-2023-25809

MEDIUM
CVSS:6.3(Medium)

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: ...

CWE-2812023

CVE-2024-28152

MEDIUM
CVSS:6.3(Medium)

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allo...

CWE-2812024

CVE-2024-50929

MEDIUM
CVSS:6.2(Medium)

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).

CWE-2812024

CVE-2021-3418

MEDIUM
CVSS:6.4(Medium)

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot...

CWE-2812021