CVE-2023-27830

CRITICAL Year: 2023
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-269
View all →

Vulnerability Description

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

Related Vulnerabilities

CVE-2022-2063

CRITICAL
CVSS:9.0(Critical)

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.

CWE-2692022

CVE-2017-5142

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the par...

CWE-2692017

CVE-2018-1000141

CRITICAL
CVSS:9.1(Critical)

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to proje...

CWE-2692018

CVE-2018-13799

CRITICAL
CVSS:9.1(Critical)

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remo...

CWE-2692018

CVE-2020-9141

CRITICAL
CVSS:9.1(Critical)

There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient ve...

CWE-2692020

CVE-2021-39982

CRITICAL
CVSS:9.1(Critical)

Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notificatio...

CWE-2692021