Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31748 | 1 Wondershare | 1 Mobiletrans | 2023-05-31 | N/A | 7.8 HIGH |
| Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | |||||
| CVE-2023-31454 | 1 Apache | 1 Inlong | 2023-05-27 | N/A | 7.5 HIGH |
| Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947 | |||||
| CVE-2023-31453 | 1 Apache | 1 Inlong | 2023-05-27 | N/A | 7.5 HIGH |
| Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949 | |||||
| CVE-2023-32303 | 1 Planet | 1 Planet | 2023-05-26 | N/A | 5.5 MEDIUM |
| Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand. | |||||
| CVE-2023-1692 | 1 Huawei | 2 Emui, Harmonyos | 2023-05-26 | N/A | 7.5 HIGH |
| The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-32990 | 1 Jenkins | 1 Azure Vm Agents | 2023-05-26 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | |||||
| CVE-2023-32992 | 1 Jenkins | 1 Saml Single Sign On | 2023-05-26 | N/A | 8.8 HIGH |
| Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | |||||
| CVE-2023-33004 | 1 Jenkins | 1 Tag Profiler | 2023-05-25 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. | |||||
| CVE-2023-32979 | 1 Jenkins | 1 Email Extension | 2023-05-25 | N/A | 4.3 MEDIUM |
| Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | |||||
| CVE-2023-32986 | 1 Jenkins | 1 File Parameters | 2023-05-25 | N/A | 8.8 HIGH |
| Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | |||||
| CVE-2023-28522 | 1 Ibm | 1 Api Connect | 2023-05-22 | N/A | 8.8 HIGH |
| IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | |||||
| CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2023-05-16 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | |||||
| CVE-2023-30512 | 1 Linuxfoundation | 1 Cubefs | 2023-05-15 | N/A | 6.5 MEDIUM |
| CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | |||||
| CVE-2023-2478 | 1 Gitlab | 1 Gitlab | 2023-05-15 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | |||||
| CVE-2023-30399 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2023-05-12 | N/A | 8.1 HIGH |
| Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | |||||
| CVE-2021-40331 | 1 Apache | 1 Ranger | 2023-05-11 | N/A | 8.1 HIGH |
| An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | |||||
| CVE-2023-25438 | 1 Genomedics | 1 Millegpg | 2023-05-10 | N/A | 7.8 HIGH |
| An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. | |||||
| CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2023-05-09 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | |||||
| CVE-2023-28123 | 1 Ui | 1 Desktop | 2023-05-01 | N/A | 5.5 MEDIUM |
| A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | |||||
| CVE-2023-0207 | 1 Nvidia | 2 Dgx-2, Sbios | 2023-04-29 | N/A | 4.4 MEDIUM |
| NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | |||||