Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | 7.3 High |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | ||||
| CVE-2023-4664 | 1 Saphira | 1 Connect | 2024-11-21 | 8.8 High |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4088 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | 9.3 Critical |
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder. | ||||
| CVE-2023-4052 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-11-21 | 6.5 Medium |
| The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. | ||||
| CVE-2023-49721 | 1 Canonical | 1 Lxd | 2024-11-21 | 6.7 Medium |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | ||||
| CVE-2023-49338 | 1 Couchbase | 1 Server | 2024-11-21 | 7.5 High |
| Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. | ||||
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.8 Critical |
| Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | ||||
| CVE-2023-47462 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-11-21 | 9.8 Critical |
| Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | ||||
| CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2024-11-21 | 6.5 Medium |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | ||||
| CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2024-11-21 | 8.8 High |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. | ||||
| CVE-2023-46773 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | ||||
| CVE-2023-46743 | 1 Xwiki | 1 Application-collabora | 2024-11-21 | 7.4 High |
| application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. | ||||
| CVE-2023-45990 | 1 Wenwen-ai | 1 Wenwenai Cms | 2024-11-21 | 8.0 High |
| Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. | ||||
| CVE-2023-45860 | 2024-11-21 | 6.5 Medium | ||
| In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. | ||||
| CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2024-11-21 | 4.9 Medium |
| Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem | ||||
| CVE-2023-44157 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | ||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-11-21 | 7.5 High |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | ||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 8.8 High |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-43081 | 1 Dell | 1 Powerprotect Agent For File System | 2024-11-21 | 4 Medium |
| PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. | ||||
| CVE-2023-42774 | 1 Openatom | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. | ||||