Total: 881 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2023-12-10 | N/A | 8.8 HIGH |
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | |||||
CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2023-12-10 | N/A | 4.9 MEDIUM |
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user who is authenticated to the OS to read sensitive files on the filesystem. | |||||
CVE-2022-3466 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2023-12-10 | N/A | 5.3 MEDIUM |
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | |||||
CVE-2023-3323 | 1 Abb | 1 Zenon | 2023-12-10 | N/A | 5.4 MEDIUM |
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | |||||
CVE-2023-32663 | 1 Intel | 1 Realsense Software Development Kit | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32999 | 1 Jenkins | 1 Appspider | 2023-12-10 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | |||||
CVE-2023-28724 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2023-12-10 | N/A | 7.1 HIGH |
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2023-12-10 | N/A | 7.5 HIGH |
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | |||||
CVE-2022-48360 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-2749 | 1 Asustor | 2 Adm, Download Center | 2023-12-10 | N/A | 7.5 HIGH |
Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | |||||
CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2023-12-10 | N/A | 5.3 MEDIUM |
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface. | |||||
CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2023-12-10 | N/A | 5.5 MEDIUM |
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | |||||
CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2023-12-10 | N/A | 7.7 HIGH |
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, a non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | |||||
CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. | |||||
CVE-2022-45452 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-12-10 | N/A | 7.8 HIGH |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
CVE-2023-28079 | 1 Dell | 1 Powerpath | 2023-12-10 | N/A | 7.8 HIGH |
PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains an Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
CVE-2023-21107 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-259385017 | |||||
CVE-2023-29919 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2023-12-10 | N/A | 9.1 CRITICAL |
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | |||||
CVE-2022-30338 | 1 Intel | 1 Virtual Raid On Cpu | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-28192 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. |