Total: 906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-21104 | 1 Google | 1 Android | 2023-05-24 | N/A | 5.5 MEDIUM | In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L, Android-13. Android ID: A-259938771 |
| CVE-2021-44858 | 1 Mediawiki | 1 Mediawiki | 2023-05-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. |
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2023-05-10 | N/A | 9.8 CRITICAL | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. |
| CVE-2022-4568 | 1 Lenovo | 1 System Update | 2023-05-10 | N/A | 7.8 HIGH | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. |
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2023-05-10 | N/A | 8.8 HIGH | In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. |
| CVE-2023-29057 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2023-05-10 | N/A | 8.8 HIGH | A valid XCC user's local account permissions override their Active Directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as "Local First, then LDAP". |
| CVE-2023-29058 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2023-05-08 | N/A | 6.5 MEDIUM | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. |
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2023-05-06 | N/A | 7.5 HIGH | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and cause other unspecified impacts via an embedded website on the canvas page. |
| CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2023-05-05 | N/A | 7.8 HIGH | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. |
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2023-05-04 | N/A | 7.8 HIGH | Nokia OneNDS 17r2 has an Insecure Permissions vulnerability that allows for privilege escalation. |
| CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2023-04-28 | N/A | 5.3 MEDIUM | PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface. |
| CVE-2023-28966 | 1 Juniper | 1 Junos Os Evolved | 2023-04-27 | N/A | 7.8 HIGH | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. |
| CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2023-04-21 | N/A | 9.8 CRITICAL | Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. |
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2023-04-11 | N/A | 8.8 HIGH | CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file and escalate their privileges to `root`. |
| CVE-2022-48360 | 1 Huawei | 2 Emui, Harmonyos | 2023-04-03 | N/A | 7.5 HIGH | The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, and all versions starting from 15.9 before 15.9.2. Due to improper permissions checks, an unauthorised user was able to read, add or edit a user's private snippet. |
| CVE-2020-17381 | 1 Ghisler | 1 Total Commander | 2023-03-15 | 4.4 MEDIUM | 7.3 HIGH | An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. |
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. |
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| CVE-2023-1229 | 1 Google | 1 Chrome | 2023-03-11 | N/A | 4.3 MEDIUM | Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |