Total
200 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45807 | 1 Amazon | 1 Opensearch | 2023-10-20 | N/A | 5.4 MEDIUM |
| OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue. | |||||
| CVE-2022-42260 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2023-10-19 | N/A | 7.8 HIGH |
| NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2022-31608 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2023-10-15 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2022-47637 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2023-09-15 | N/A | 6.7 MEDIUM |
| The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | |||||
| CVE-2023-41939 | 1 Jenkins | 1 Ssh2 Easy | 2023-09-11 | N/A | 8.8 HIGH |
| Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to. | |||||
| CVE-2022-43910 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-07-27 | N/A | 7.8 HIGH |
| IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908. | |||||
| CVE-2023-21249 | 1 Google | 1 Android | 2023-07-25 | N/A | 5.5 MEDIUM |
| In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35938 | 1 Enalean | 1 Tuleap | 2023-07-10 | N/A | 7.2 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-2818 | 1 Proofpoint | 1 Insider Threat Management | 2023-07-06 | N/A | 5.5 MEDIUM |
| An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. | |||||
| CVE-2023-2993 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2023-07-05 | N/A | 6.3 MEDIUM |
| A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | |||||
| CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2023-06-28 | N/A | 8.8 HIGH |
| A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | |||||
| CVE-2023-28161 | 1 Mozilla | 1 Firefox | 2023-06-09 | N/A | 8.8 HIGH |
| If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | |||||
| CVE-2023-31923 | 1 Supremainc | 1 Biostar 2 | 2023-06-01 | N/A | 8.8 HIGH |
| Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | |||||
| CVE-2022-4139 | 1 Linux | 1 Linux Kernel | 2023-05-12 | N/A | 7.8 HIGH |
| An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2020-36070 | 1 Thecontrolgroup | 1 Voyager | 2023-05-05 | N/A | 9.8 CRITICAL |
| Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | |||||
| CVE-2023-28668 | 1 Jenkins | 1 Role-based Authorization Strategy | 2023-04-07 | N/A | 9.8 CRITICAL |
| Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. | |||||
| CVE-2023-28647 | 1 Nextcloud | 1 Nextcloud | 2023-04-07 | N/A | 6.8 MEDIUM |
| Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28646 | 1 Nextcloud | 1 Nextcloud | 2023-04-07 | N/A | 2.4 LOW |
| Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-25817 | 1 Nextcloud | 1 Nextcloud Server | 2023-04-01 | N/A | 8.1 HIGH |
| Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2023-03-23 | N/A | 3.3 LOW |
| Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||