Total: 1379 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44201 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 5.0 MEDIUM |
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having permission to do so. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permission to access the configuration. This can lead to privilege escalation, as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. | |||||
CVE-2023-44120 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-21 | N/A | 7.8 HIGH |
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access. | |||||
CVE-2023-42924 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. | |||||
CVE-2023-42861 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 6.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | |||||
CVE-2023-42489 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | N/A | 7.5 HIGH |
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | |||||
CVE-2023-42189 | 9 Eve, Govee, Nanoleaf and 6 more | 18 Eve Door And Window, Eve Door And Window Firmware, Led Strip and 15 more | 2024-11-21 | N/A | 7.5 HIGH |
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, SwitchBot Hub2 v.1.0-0.8, Philips Hue hub v.1.59.1959097030, and Yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | |||||
CVE-2023-41295 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | |||||
CVE-2023-40754 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | N/A | 8.8 HIGH |
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | |||||
CVE-2023-40622 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 9.9 CRITICAL |
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application, causing high impact on confidentiality, integrity, and availability. | |||||
CVE-2023-40361 | 1 Secudos | 1 Qiata | 2024-11-21 | N/A | 7.8 HIGH |
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | |||||
CVE-2023-40302 | 1 Netscout | 1 Ngeniuspulse | 2024-11-21 | N/A | 9.1 CRITICAL |
NETSCOUT nGeniusPULSE 3.8 has a weak file permissions vulnerability. | |||||
CVE-2023-3915 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. | |||||
CVE-2023-3322 | 1 Abb | 1 Zenon | 2024-11-21 | N/A | 7.0 HIGH |
A vulnerability exists that allows low-privileged users to read and update the data in various directories used by the zenon system. An attacker could exploit it by running specially crafted programs on the hosts where zenon is installed. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | |||||
CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2024-11-21 | N/A | 6.4 MEDIUM |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | |||||
CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-39005 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 7.5 HIGH |
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | |||||
CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | |||||
CVE-2023-39003 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 7.5 HIGH |
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | |||||
CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A | 5.4 MEDIUM |
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | |||||
CVE-2023-38640 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-11-21 | N/A | 6.6 MEDIUM |
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. |
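Several entries above are the same CWE-732 mistake on a Unix host: a script that root executes but every user can write (CVE-2023-40361, previewRm.sh), configuration data and password hashes readable by unprivileged users (CVE-2023-39004 in /conf/, CVE-2023-44201's commit file), a socket or shared directory with lax permissions (CVE-2023-39005, CVE-2023-39003 in /tmp). The following Python audit is an added example, not code from this page or from any of the vendors listed: it checks a directory tree for those three patterns, applies the obvious chmod fixes, and re-audits. The tree it inspects is constructed in a temporary directory, and the current uid stands in for root through the `trusted_uid` parameter (on a real host you would pass 0). It only reads `st_mode`, so POSIX ACLs (`getfacl`) and file capabilities are not covered; a production check should add those.

```python
"""Audit for three CWE-732 patterns on a Unix host (added example, constructed
fixtures): root-executed scripts writable by others, secrets readable by others,
world-writable directories without the sticky bit."""
import os
import shutil
import stat
import tempfile
from dataclasses import dataclass

OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH


@dataclass(frozen=True)
class Finding:
    path: str
    issue: str


def audit_root_executed(paths, trusted_uid=0):
    """Files a privileged process executes (cron jobs, hooks). Anyone who can write
    the file, or replace it through its directory, runs code as that process."""
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append(Finding(path, "is a symlink; target can be redirected"))
            continue
        if st.st_uid != trusted_uid:
            findings.append(Finding(path, f"owned by uid {st.st_uid}, not the executing uid"))
        if st.st_mode & OTHERS_WRITE:
            findings.append(Finding(path, "writable by group/other"))
        pst = os.lstat(os.path.dirname(path) or ".")
        if pst.st_mode & OTHERS_WRITE and not pst.st_mode & stat.S_ISVTX:
            findings.append(Finding(path, "parent directory writable by group/other"))
    return findings


def audit_secrets(paths):
    """Files and directories holding config or credential material: owner-only access."""
    findings = []
    for path in paths:
        mode = os.lstat(path).st_mode
        if mode & OTHERS_READ:
            findings.append(Finding(path, "readable by group/other"))
        if mode & OTHERS_WRITE:
            findings.append(Finding(path, "writable by group/other"))
    return findings


def audit_shared_dirs(paths):
    """World-writable directories need the sticky bit, or users can unlink or
    replace each other's files (symlink races against root follow from that)."""
    findings = []
    for path in paths:
        mode = os.lstat(path).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append(Finding(path, "world-writable without sticky bit"))
    return findings


def demo():
    """Build a constructed tree shaped like the affected systems, audit it, apply the
    fixes, audit again. Returns (before, after) as sorted (relative path, issue) tuples."""
    root = tempfile.mkdtemp()
    layout = {  # relative path: (mode, is_dir); constructed to mirror the CVEs above
        "cron.daily": (0o755, True),
        "cron.daily/previewRm.sh": (0o777, False),  # every user may write it
        "cron.daily/good.sh": (0o755, False),
        "conf": (0o755, True),                       # listable by everyone
        "conf/config.xml": (0o644, False),           # password hashes readable by everyone
        "conf/secret.xml": (0o600, False),
        "tmp": (0o777, True),                         # shared dir, no sticky bit
    }
    fixes = {"cron.daily/previewRm.sh": 0o755, "conf": 0o700,
             "conf/config.xml": 0o600, "tmp": 0o1777}
    try:
        for rel, (mode, is_dir) in layout.items():
            p = os.path.join(root, rel)
            os.mkdir(p) if is_dir else open(p, "w").close()
            os.chmod(p, mode)  # explicit chmod so the umask does not interfere

        def run():
            j = lambda rel: os.path.join(root, rel)
            found = (audit_root_executed([j("cron.daily/previewRm.sh"), j("cron.daily/good.sh")],
                                         trusted_uid=os.getuid())
                     + audit_secrets([j("conf"), j("conf/config.xml"), j("conf/secret.xml")])
                     + audit_shared_dirs([j("tmp")]))
            return sorted((os.path.relpath(f.path, root), f.issue) for f in found)

        before = run()
        for rel, mode in fixes.items():
            os.chmod(os.path.join(root, rel), mode)
        return before, run()
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    before, after = demo()
    for path, issue in before:
        print(f"{path}: {issue}")
    print("after hardening:", after)
```

Run it as `python3 audit_perms.py` (filename is arbitrary). The three audit functions take explicit path lists on purpose: on a real box you feed them the files named in root's crontabs and `/etc/cron.*`, the directories your product stores config and hashes in, and every world-writable directory from `find / -xdev -type d -perm -0002`, and pass `trusted_uid=0`. Note that the "parent directory writable" check is what catches the /tmp-style case for a script living there even when the script's own mode looks fine.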