Total
1238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. | |||||
| CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2024-11-21 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. | |||||
| CVE-2023-31468 | 1 Inosoft | 1 Visiwin 7 | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version. | |||||
| CVE-2023-31462 | 1 Steelseries | 1 Gg | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. | |||||
| CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | |||||
| CVE-2023-31067 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | |||||
| CVE-2023-2749 | 1 Asustor | 2 Adm, Download Center | 2024-11-21 | N/A | 8.6 HIGH |
| Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | |||||
| CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2024-11-21 | N/A | 5.7 MEDIUM |
| Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | |||||
| CVE-2023-29838 | 1 Allwaysync | 1 Allwaysync | 2024-11-21 | N/A | 7.8 HIGH |
| Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. | |||||
| CVE-2023-29244 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | |||||
| CVE-2023-29081 | 1 Flexera | 1 Installshield | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | |||||
| CVE-2023-28966 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | N/A | 7.8 HIGH |
| An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. | |||||
| CVE-2023-28870 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | |||||
| CVE-2023-28079 | 1 Dell | 1 Powerpath | 2024-11-21 | N/A | 7.0 HIGH |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-27593 | 1 Cilium | 1 Cilium | 2024-11-21 | N/A | 4.4 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | |||||
| CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27392 | 1 Intel | 1 Support | 2024-11-21 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||