Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29731 | 1 Loka | 1 Solive | 2026-06-17 | N/A | 7.5 HIGH |
| SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | |||||
| CVE-2023-29244 | 1 Intel | 1 Nuc P14e Laptop Element | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29162 | 1 Intel | 16 Advisor, Cluster Checker, Distribution For Python and 13 more | 2026-06-17 | N/A | 6.0 MEDIUM |
| Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 Firmware | 2026-06-17 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | |||||
| CVE-2023-29081 | 1 Flexera | 1 Installshield | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | |||||
| CVE-2023-28966 | 1 Juniper | 1 Junos Os Evolved | 2026-06-17 | N/A | 7.8 HIGH |
| An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. | |||||
| CVE-2023-28870 | 1 Ncp-e | 1 Secure Enterprise Client | 2026-06-17 | N/A | 6.5 MEDIUM |
| Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | |||||
| CVE-2023-28739 | 1 Intel | 1 Chipset Device Software | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28724 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2026-06-17 | N/A | 7.1 HIGH |
| NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-28192 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-28079 | 1 Dell | 1 Powerpath | 2026-06-17 | N/A | 7.0 HIGH |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-27647 | 1 Dualspace | 1 Lock Master | 2026-06-17 | N/A | 7.1 HIGH |
| An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. | |||||
| CVE-2023-27593 | 1 Cilium | 1 Cilium | 2026-06-17 | N/A | 4.4 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | |||||
| CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27392 | 1 Intel | 1 Support | 2026-06-17 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27195 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges. | |||||
| CVE-2023-27133 | 1 Tsplus | 1 Tsplus Remote Work | 2026-06-17 | N/A | 9.8 CRITICAL |
| TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product. | |||||
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | |||||