Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28079 | 1 Dell | 1 Powerpath | 2024-08-02 | 7 High |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | ||||
| CVE-2023-27593 | 1 Cilium | 1 Cilium | 2024-08-02 | 4.4 Medium |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | ||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-08-02 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2024-08-02 | 6.7 Medium |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2024-08-02 | 6.5 Medium |
| An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | ||||
| CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2024-08-02 | 9.8 Critical |
| Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. | ||||
| CVE-2023-25941 | 1 Dell | 1 Emc Powerscale Onefs | 2024-08-02 | 7.8 High |
| Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | ||||
| CVE-2023-25809 | 2 Linuxfoundation, Redhat | 3 Runc, Enterprise Linux, Openshift | 2024-08-02 | 5 Medium |
| runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`. | ||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2024-08-02 | 6 Medium |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | ||||
| CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2024-08-02 | 7.7 High |
| There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | ||||
| CVE-2023-25542 | 1 Dell | 1 Trusted Device Agent | 2024-08-02 | 7 High |
| Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | ||||
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2024-08-02 | 8.8 High |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. | ||||
| CVE-2023-24460 | 2024-08-02 | 8.2 High | ||
| Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-23976 | 2024-08-02 | 7.5 High | ||
| Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | ||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2024-08-02 | 4.3 Medium |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2024-08-02 | 4.3 Medium |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2024-08-02 | 9.8 Critical |
| An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | ||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2024-08-02 | 6.7 Medium |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2024-08-02 | 7.8 High |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | ||||
| CVE-2023-21104 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
| In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 | ||||