Total: 1229 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5651 | 1 Thimpress | 1 Wp Hotel Booking | 2023-11-27 | N/A | 5.4 MEDIUM |
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not ensure that the package to be deleted is a package, allowing any authenticated user, such as a subscriber, to delete arbitrary posts. | |||||
CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-25 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2023-11-25 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2023-11-25 | N/A | 7.8 HIGH |
Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5). | |||||
CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2023-11-21 | N/A | 7.8 HIGH |
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-34314 | 1 Intel | 1 Simics Simulator | 2023-11-21 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2023-11-21 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-48087 | 1 Xuxueli | 1 Xxl-job | 2023-11-21 | N/A | 5.4 MEDIUM |
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | |||||
CVE-2023-47801 | 1 Clickstudios | 1 Passwordstate | 2023-11-20 | N/A | 4.7 MEDIUM |
An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records. | |||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2023-11-20 | N/A | 5.4 MEDIUM |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | |||||
CVE-2023-28134 | 1 Checkpoint | 1 Endpoint Security | 2023-11-17 | N/A | 7.8 HIGH |
A local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2023-11-16 | N/A | 6.7 MEDIUM |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | |||||
CVE-2023-5136 | 1 Ni | 4 Diadem, Flexlogger, Topografix Data Plugin and 1 more | 2023-11-15 | N/A | 5.5 MEDIUM |
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | |||||
CVE-2023-40754 | 1 Phpjabbers | 1 Car Rental Script | 2023-11-07 | N/A | 8.8 HIGH |
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | |||||
CVE-2023-28658 | 1 Intel | 1 Oneapi Math Kernel Library | 2023-11-07 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-23939 | 1 Microsoft | 1 Azure Setup Kubectl | 2023-11-07 | N/A | 7.0 HIGH |
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary; however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub Actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2023-11-07 | N/A | 7.8 HIGH |
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | |||||
CVE-2023-22326 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-11-07 | N/A | 4.9 MEDIUM |
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-1516 | 1 Robodk | 1 Robodk | 2023-11-07 | N/A | 7.8 HIGH |
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. | |||||
CVE-2023-1135 | 1 Deltaww | 1 Infrasuite Device Master | 2023-11-07 | N/A | 7.8 HIGH |
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. |