Total
880 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allow attackers to breach the geo-fence and fly into no-fly zones. | |||||
CVE-2023-3116 | 1 Openharmony | 1 Openharmony | 2023-12-10 | N/A | 7.1 HIGH |
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. | |||||
CVE-2023-42774 | 1 Openharmony | 1 Openharmony | 2023-12-10 | N/A | 5.5 MEDIUM |
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. | |||||
CVE-2023-40363 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. | |||||
CVE-2023-47462 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | |||||
CVE-2023-42501 | 1 Apache | 1 Superset | 2023-12-10 | N/A | 4.3 MEDIUM |
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role, or remove the `can_read` permission from the mentioned resources. | |||||
CVE-2023-43081 | 1 Dell | 1 Powerprotect Agent For File System | 2023-12-10 | N/A | 3.3 LOW |
PowerProtect Agent for File System Version 19.14 and prior contains an incorrect default permissions vulnerability in the ddfscon component. A low-privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. | |||||
CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2023-12-10 | N/A | 8.8 HIGH |
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. | |||||
CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2023-12-10 | N/A | 9.8 CRITICAL |
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | |||||
CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2023-12-10 | N/A | 7.1 HIGH |
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or modification of files. | |||||
CVE-2023-4664 | 1 Saphira | 1 Connect | 2023-12-10 | N/A | 8.8 HIGH |
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |||||
CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2023-12-10 | N/A | 5.5 MEDIUM |
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | |||||
CVE-2022-3431 | 1 Lenovo | 50 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 47 more | 2023-12-10 | N/A | 7.8 HIGH |
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32543 | 1 Intel | 1 Intelligent Test System | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-44157 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2023-12-10 | N/A | 7.8 HIGH |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | |||||
CVE-2023-27392 | 1 Intel | 1 Support | 2023-12-10 | N/A | 4.4 MEDIUM |
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2023-32547 | 2 Intel, Topconpositioning | 2 Falcon 8+, Mavinci Desktop | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2023-12-10 | N/A | 6.7 MEDIUM |
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot. | |||||
CVE-2023-31468 | 1 Inosoft | 1 Visiwin 7 | 2023-12-10 | N/A | 7.8 HIGH |
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. |