Total
881 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40971 | 1 Intel | 1 Nuc Hdmi Firmware Update Tool | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-21104 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L, Android-13. Android ID: A-259938771 | |||||
CVE-2022-4568 | 1 Lenovo | 1 System Update | 2023-12-10 | N/A | 7.8 HIGH |
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | |||||
CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2022-30759 | 1 Nokia | 1 One-nds | 2023-12-10 | N/A | 8.8 HIGH |
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | |||||
CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2023-12-10 | N/A | 7.8 HIGH |
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | |||||
CVE-2022-36391 | 1 Intel | 1 Nuc Pro Software Suite | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-33966 | 1 Deno | 2 Deno, Deno Runtime | 2023-12-10 | N/A | 9.8 CRITICAL |
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. | |||||
CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2023-12-10 | N/A | 9.8 CRITICAL |
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. | |||||
CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2023-12-10 | N/A | 7.8 HIGH |
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | |||||
CVE-2022-45459 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-12-10 | N/A | 7.5 HIGH |
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
CVE-2023-25941 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | N/A | 7.8 HIGH |
Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | |||||
CVE-2023-32996 | 1 Jenkins | 1 Saml Single Sign-on | 2023-12-10 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with a JSON body containing attacker-specified content to miniOrange's API for sending emails. | |||||
CVE-2023-29838 | 1 Allwaysync | 1 Allwaysync | 2023-12-10 | N/A | 7.8 HIGH |
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file. | |||||
CVE-2022-33963 | 1 Intel | 1 Unite | 2023-12-10 | N/A | 7.8 HIGH |
Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-29731 | 1 Loka | 1 Solive | 2023-12-10 | N/A | 7.5 HIGH |
SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | |||||
CVE-2023-31116 | 1 Samsung | 4 Exynos 5123, Exynos 5123 Firmware, Exynos 5300 and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application. | |||||
CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2023-12-10 | N/A | 7.1 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | |||||
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2023-12-10 | N/A | 6.5 MEDIUM |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
CVE-2023-32698 | 1 Goreleaser | 1 Nfpm | 2023-12-10 | N/A | 7.1 HIGH |
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing its own permissions), files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm to create packages without checking/setting file permissions before packaging could end up with bad permissions on files/folders. |