Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3116 | 1 Openatom | 1 Openharmony | 2024-09-09 | 7.3 High |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. | ||||
| CVE-2023-42774 | 1 Openatom | 1 Openharmony | 2024-09-09 | 6.2 Medium |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. | ||||
| CVE-2024-4030 | 2024-09-07 | 7.1 High | ||
| On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | ||||
| CVE-2023-43629 | 2024-09-06 | 7.8 High | ||
| Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-09-06 | 7.8 High |
| Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | ||||
| CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-27461 | 1 Intel | 1 Memory And Storage Tool Gui | 2024-09-06 | 5.6 Medium |
| Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | 5.1 Medium |
| Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | ||||
| CVE-2024-34661 | 1 Samsung | 1 Assistant | 2024-09-05 | 4.3 Medium |
| Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-09-05 | 7.5 High |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | ||||
| CVE-2023-50975 | 2024-09-04 | 8.4 High | ||
| The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information. | ||||
| CVE-2023-46743 | 1 Xwiki | 1 Application-collabora | 2024-09-04 | 7.4 High |
| application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. | ||||
| CVE-2024-23495 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32638 | 1 Intel | 1 Arc Rgb Controller | 2024-08-30 | 6.7 Medium |
| Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-08-30 | 9.1 Critical |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | ||||
| CVE-2023-6302 | 1 Cskaza | 1 Cszcms | 2024-08-29 | 4.7 Medium |
| A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2024-08-29 | 9.8 Critical |
| Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | ||||
| CVE-2023-42501 | 1 Apache | 1 Superset | 2024-08-29 | 4.3 Medium |
| Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | ||||
| CVE-2024-6974 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 8.8 High |
| Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. | ||||
| CVE-2023-7235 | 2024-08-26 | 8.4 High | ||
| The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables. | ||||