Total
906 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5042 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-09-25 | N/A | 7.5 HIGH |
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | |||||
CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2023-09-23 | N/A | 8.8 HIGH |
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | |||||
CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2023-09-17 | N/A | 8.8 HIGH |
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | |||||
CVE-2023-37878 | 1 Wftpserver | 1 Wing Ftp Server | 2023-09-14 | N/A | 8.8 HIGH |
Insecure default permissions in Wing FTP Server (Admin Web Client) allow for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0. | |||||
CVE-2023-31067 | 1 Tsplus | 1 Tsplus Remote Access | 2023-09-13 | N/A | 9.8 CRITICAL |
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | |||||
CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Access | 2023-09-13 | N/A | 9.8 CRITICAL |
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | |||||
CVE-2023-34352 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2023-09-09 | N/A | 5.3 MEDIUM |
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | |||||
CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2023-08-25 | N/A | 5.5 MEDIUM |
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | |||||
CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 7.1 HIGH |
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing files to be modified. | |||||
CVE-2023-32663 | 1 Intel | 1 Realsense Software Development Kit | 2023-08-21 | N/A | 7.8 HIGH |
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-27919 | 1 Gradle | 1 Enterprise | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | |||||
CVE-2022-25364 | 1 Gradle | 1 Enterprise | 2023-08-08 | 9.3 HIGH | 8.1 HIGH |
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) | |||||
CVE-2023-3323 | 1 Abb | 1 Zenon | 2023-08-01 | N/A | 5.4 MEDIUM |
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | |||||
CVE-2020-36695 | 2 Hitachi, Linux | 6 Compute Systems Manager, Device Manager, Replication Manager and 3 more | 2023-07-27 | N/A | 7.8 HIGH |
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation. This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08. | |||||
CVE-2023-28192 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. | |||||
CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 | 2023-07-18 | N/A | 10.0 CRITICAL |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | |||||
CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2023-07-17 | N/A | 7.8 HIGH |
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. | |||||
CVE-2023-21512 | 1 Samsung | 1 Android | 2023-07-07 | N/A | 3.3 LOW |
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | |||||
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2023-07-03 | N/A | 6.5 MEDIUM |
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2023-06-26 | N/A | 7.7 HIGH |
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. |