Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27195 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges. | |||||
| CVE-2023-27133 | 1 Tsplus | 1 Tsplus Remote Work | 2024-11-21 | N/A | 9.8 CRITICAL |
| TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product. | |||||
| CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25941 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | |||||
| CVE-2023-25542 | 1 Dell | 1 Trusted Device Agent | 2024-11-21 | N/A | 7.0 HIGH |
| Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | |||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | |||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | N/A | 3.0 LOW |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | |||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-21512 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
| Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | |||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
| CVE-2023-20178 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. | |||||
| CVE-2023-20043 | 1 Cisco | 1 Cx Cloud Agent | 2024-11-21 | N/A | 6.7 MEDIUM |
| A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. | |||||
| CVE-2023-1229 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | |||||
| CVE-2022-4964 | 1 Canonical | 1 Ubuntu Pipewire-pulse | 2024-11-21 | N/A | 5.5 MEDIUM |
| Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | |||||
| CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | |||||
| CVE-2022-4039 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more | 2024-11-21 | N/A | 8.0 HIGH |
| A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | |||||
| CVE-2022-4020 | 1 Acer | 10 Aspire A115-21, Aspire A115-21 Firmware, Aspire A315-22 and 7 more | 2024-11-21 | N/A | 8.1 HIGH |
| Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | |||||
| CVE-2022-48360 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. | |||||