Total
1369 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33870 | 1 Intel | 2 Administrative Tools For Intel Network Adapters, Ethernet Connections Boot Utility\, Preboot Images\, And Efi Drivers | 2024-10-25 | 6.7 Medium |
| Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-43065 | 1 Fortinet | 1 Fortinac | 2024-10-25 | 7.8 High |
| A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. | ||||
| CVE-2023-3322 | 1 Abb | 1 Zenon | 2024-10-24 | 7 High |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-28133 | 1 Checkpoint | 1 Endpoint Security | 2024-10-24 | 7.8 High |
| Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | ||||
| CVE-2018-13374 | 1 Fortinet | 2 Fortiadc, Fortios | 2024-10-24 | 4.3 Medium |
| A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | ||||
| CVE-2023-20254 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Manager | 2024-10-23 | 7.2 High |
| A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition. | ||||
| CVE-2022-43946 | 1 Fortinet | 1 Forticlient | 2024-10-23 | 7.3 High |
| Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | ||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2024-10-22 | 6.8 Medium |
| An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | ||||
| CVE-2024-46897 | 1 Exceedone | 1 Exment | 2024-10-22 | 3.8 Low |
| Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table. | ||||
| CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2024-10-18 | 5.4 Medium |
| An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | ||||
| CVE-2023-6729 | 1 Nokia | 1 Service Router Operating System | 2024-10-18 | 7.3 High |
| Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | ||||
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-10-17 | 8.8 High |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | ||||
| CVE-2024-24740 | 1 Sap | 1 Netweaver Application Server Abap | 2024-10-16 | 5.3 Medium |
| SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. | ||||
| CVE-2024-44729 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 7.5 High |
| Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. | ||||
| CVE-2024-10018 | 1 Tecno | 1 Com.transsion.aivoiceassistant | 2024-10-16 | 9.8 Critical |
| Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | ||||
| CVE-2023-32190 | 1 Suse | 1 Opensuse Tumbleweed | 2024-10-16 | 7.8 High |
| mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | ||||
| CVE-2024-22029 | 2024-10-16 | 7.8 High | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | ||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | 6.5 Medium |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-28658 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-10-15 | 6.7 Medium |
| Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9142 | 1 Olgu Computer Systems | 1 E-belediye | 2024-10-14 | 9.8 Critical |
| External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This issue affects e-Belediye: before 2.0.642. | ||||