Total: 1057 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-5355 | 1 Dell | 1 Emc Isilon Onefs | 2024-09-16 | 4.3 Medium | The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
CVE-2022-0486 | 1 Fidelissecurity | 2 Deception, Network | 2024-09-16 | 4.4 Medium | Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enable an attacker with local, administrative access to the CLI to modify affected files and escalate privileges to the equivalent of the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-09-16 | 5.4 Medium | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-Force ID: 175980.
CVE-2020-4259 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-09-16 | 6.5 Medium | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user to manipulate cookie information and remove or add modules in the cookie to access functionality they are not authorized to use. IBM X-Force ID: 175638.
CVE-2018-0023 | 1 Juniper | 1 Jsnapy | 2024-09-16 | N/A | JSNAPy is an open source Python version of Junos Snapshot Administrator developed by Juniper and available through GitHub. The default configuration and sample files of the JSNAPy automation tool in versions prior to 1.3.0 are created world-writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory, including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from GitHub.
CVE-2023-27133 | 1 Tsplus | 1 Tsplus Remote Work | 2024-09-16 | 9.8 Critical | TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVE-2023-4091 | 3 Fedoraproject, Redhat, Samba | 7 Fedora, Enterprise Linux, Enterprise Linux Eus and 4 more | 2024-09-16 | 6.5 Medium | A vulnerability was discovered in Samba where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permission checks, relying solely on Samba's permissions.
CVE-2024-5321 | 1 Redhat | 1 Openshift | 2024-09-13 | 6.1 Medium | A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
CVE-2023-35181 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-13 | 7.8 High | The SolarWinds Access Rights Manager was susceptible to a privilege escalation vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in privilege escalation.
CVE-2023-35183 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-13 | 7.8 High | The SolarWinds Access Rights Manager was susceptible to a privilege escalation vulnerability. This vulnerability allows authenticated users to abuse local resources to achieve privilege escalation.
CVE-2022-42150 | 1 Tinylab | 2 Cloud Lab, Linux Lab | 2024-09-12 | 10.0 Critical | TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause container escape.
CVE-2024-43791 | 1 Steveklabnik | 1 Request Store | 2024-09-12 | 7.8 High | RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
CVE-2024-34018 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 5.5 Medium | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVE-2023-3112 | 2 Ellipticlabs, Lenovo | 3 Ai Virtual Presence Sensor, Virtual Lock Sensor, Thinkpad T14 Gen 3 | 2024-09-12 | 7.8 High | A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
CVE-2024-43114 | 1 Jetbrains | 1 Teamcity | 2024-09-11 | 7.5 High | In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions.
CVE-2023-45990 | 1 Wenwen-ai | 1 Wenwenai Cms | 2024-09-11 | 8.0 High | Insecure permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.
CVE-2024-6122 | 1 Ni | 2 Flexlogger, Systemlink | 2024-09-10 | 5.5 Medium | An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions, which installed this shared service.
CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2024-09-10 | 6.5 Medium | The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html) and CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html) by implementing CIP security and did not update to the versions of the software CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html) and CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html).
CVE-2019-14925 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-09-10 | 6.5 Medium | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-09-09 | 7 High | NNM failed to properly set ACLs on its installation directory, which could allow a low-privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.