Total
1460 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39003 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 7.5 High |
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | ||||
CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 5.4 Medium |
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | ||||
CVE-2023-38640 | 1 Siemens | 1 Sicam Pas/pqs | 2024-11-21 | 6.6 Medium |
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | ||||
CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 5.3 Medium |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | ||||
CVE-2023-36465 | 1 Decidim | 1 Decidim | 2024-11-21 | 9.1 Critical |
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | ||||
CVE-2023-35870 | 1 Sap | 1 S4core | 2024-11-21 | 6.3 Medium |
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable. | ||||
CVE-2023-35841 | 1 Phoenix | 1 Winflash Driver | 2024-11-21 | 7.8 High |
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0. | ||||
CVE-2023-35168 | 1 Dataease | 1 Dataease | 2024-11-21 | 6.5 Medium |
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability. | ||||
CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-34391 | 3 Microsoft, Schweitzer Engineering Laboratories, Selinc | 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5033 Acselerator Real-time Automation Controller | 2024-11-21 | 7.4 High |
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | ||||
CVE-2023-34314 | 1 Intel | 1 Simics Simulator | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-33990 | 1 Sap | 1 Sql Anywhere | 2024-11-21 | 7.8 High |
SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects. This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted. | ||||
CVE-2023-33870 | 1 Intel | 2 Administrative Tools For Intel Network Adapters, Ethernet Connections Boot Utility\, Preboot Images\, And Efi Drivers | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32724 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 9.1 Critical |
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | ||||
CVE-2023-32162 | 2 Microsoft, Wacom | 3 Windows, Driver, Drivers For Windows | 2024-11-21 | 7.8 High |
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318. | ||||
CVE-2023-31454 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7947 | ||||
CVE-2023-31453 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 | ||||
CVE-2023-31445 | 1 Cassianetworks | 1 Access Controller | 2024-11-21 | 5.3 Medium |
Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged information disclosure vulnerability that allows read-only users to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | ||||
CVE-2023-28658 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |