Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24828 | 1 Vercel | 1 Pkg | 2024-11-21 | N/A | 6.6 MEDIUM |
|
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the ...
|
|||||
| CVE-2024-22428 | 1 Dell | 1 Emc Idrac Service Module | 2024-11-21 | N/A | 7.0 HIGH |
|
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
|
|||||
| CVE-2024-22409 | 1 Datahub Project | 1 Datahub | 2024-11-21 | N/A | 7.5 HIGH |
|
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have mod ...
|
|||||
| CVE-2024-22385 | | | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.
|
|||||
| CVE-2024-22301 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line. This issue affects Albo Pretorio On line: from n/a through 4.6.6.
|
|||||
| CVE-2024-21840 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 7.9 HIGH |
|
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
|
|||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-11-21 | N/A | 7.8 HIGH |
|
In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
|
|||||
| CVE-2024-0770 | 2 Echa.europa, Microsoft | 2 Iuclid, Windows | 2024-11-21 | 3.2 LOW | 4.4 MEDIUM |
|
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-6457 | 1 Hitachi | 1 Tuning Manager | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-04.
|
|||||
| CVE-2023-6302 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-6273 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.0 HIGH |
|
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.
|
|||||
| CVE-2023-5536 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | N/A | 5.0 MEDIUM |
|
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
|
|||||
| CVE-2023-5042 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.
|
|||||
| CVE-2023-50236 | 1 Siemens | 1 Polarion Alm | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | N/A | 7.3 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
|
|||||
| CVE-2023-4091 | 3 Fedoraproject, Redhat, Samba | 5 Fedora, Enterprise Linux, Enterprise Linux Eus and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system per ...
|
|||||
| CVE-2023-4088 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
|
|||||
| CVE-2023-4065 | 1 Redhat | 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
|
|||||
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
|
|||||
| CVE-2023-47462 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
|
|||||
| CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2024-11-21 | N/A | 8.8 HIGH |
|
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.
|
|||||
| CVE-2023-46870 | | | 2024-11-21 | N/A | 7.3 HIGH |
|
extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have incorrect file permissions set, which allows attackers to execute code via modified bash and python scripts.
|
|||||
| CVE-2023-46773 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.
|
|||||
| CVE-2023-46743 | 1 Xwiki | 1 Application-collabora | 2024-11-21 | N/A | 7.3 HIGH |
|
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right will be preserved for all future users, until the editing session is closed, even if some of them have only view right. Collabora server is the one issuing this request and ...
|
|||||
| CVE-2023-45990 | 1 Wenwen-ai | 1 Wenwenai Cms | 2024-11-21 | N/A | 8.0 HIGH |
|
Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.
|
|||||
| CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user that's authenticated to the OS to read sensitive files on the filesystem.
|
|||||
| CVE-2023-44194 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 8.4 HIGH |
|
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.
This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21 ...
|
|||||
| CVE-2023-44157 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.
|
|||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-11-21 | N/A | 7.5 HIGH |
|
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.
|
|||||
| CVE-2023-43081 | 1 Dell | 1 Powerprotect Agent For File System | 2024-11-21 | N/A | 4.0 MEDIUM |
|
PowerProtect Agent for File System Version 19.14 and prior contains an incorrect default permissions vulnerability in the ddfscon component. A low-privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.
|
|||||
| CVE-2023-42774 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
|
OpenHarmony v3.2.2 and prior versions allow a local attacker to get confidential information through incorrect default permissions.
|
|||||
| CVE-2023-42668 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-42433 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-42261 | 1 Opensecurity | 1 Mobile Security Framework | 2024-11-21 | N/A | 7.5 HIGH |
|
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
|
|||||
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
|
An Incorrect Default Permissions vulnerability in Ivanti Avalanche allows local privilege escalation.
|
|||||
| CVE-2023-41231 | 1 Intel | 1 Assistive Context-aware Toolkit | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-40363 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 8.1 HIGH |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.
|
|||||
| CVE-2023-40154 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-3440 | 2 Hitachi, Microsoft | 2 Jp1/performance Management, Windows | 2024-11-21 | N/A | 8.4 HIGH |
|
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option ...
|
|||||