Filtered by CWE-732
Total 1332 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39003 1 Opnsense 1 Opnsense 2024-08-02 7.5 High
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
CVE-2023-38640 1 Siemens 1 Sicam Pas/pqs 2024-08-02 6.6 Medium
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.
CVE-2023-38557 1 Siemens 1 Spectrum Power 7 2024-08-02 8.2 High
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2023-38541 1 Intel 1 Hid Event Filter Driver 2024-08-02 6.7 Medium
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38497 3 Fedoraproject, Redhat, Rust-lang 5 Fedora, Devtools, Enterprise Linux and 2 more 2024-08-02 7.8 High
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
CVE-2023-37237 1 Veritas 1 Netbackup Appliance 2024-08-02 6.5 Medium
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
CVE-2023-35799 1 Stormshield 1 Endpoint Security 2024-08-02 5.5 Medium
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
CVE-2023-35841 1 Phoenix 1 Winflash Driver 2024-08-02 7.8 High
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0.
CVE-2023-35800 1 Stormshield 1 Endpoint Security 2024-08-02 4.3 Medium
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
CVE-2023-35168 1 Dataease 1 Dataease 2024-08-02 6.5 Medium
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability.
CVE-2023-35147 1 Jenkins 1 Aws Codecommit Trigger 2024-08-02 6.5 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
CVE-2024-25956 1 Dell 1 Grab 2024-08-02 5.5 Medium
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.
CVE-2023-34797 1 Temenos 1 Cwx 2024-08-02 5.4 Medium
Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information.
CVE-2023-34391 2 Microsoft, Selinc 2 Windows, Sel-5033 Acselerator Real-time Automation Controller 2024-08-02 7.4 High
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
CVE-2023-34154 1 Huawei 1 Harmonyos 2024-08-02 8.2 High
Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
CVE-2023-33990 1 Sap 1 Sql Anywhere 2024-08-02 7.8 High
SAP SQL Anywhere version 17.0 allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with a low-privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects. This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.
CVE-2023-34042 1 Vmware 1 Spring Security 2024-08-02 4.1 Medium
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
CVE-2023-33695 1 Hutool 1 Hutool 2024-08-02 7.1 High
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVE-2023-33004 1 Jenkins 1 Tag Profiler 2024-08-02 4.3 Medium
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.
CVE-2023-32986 1 Jenkins 1 File Parameters 2024-08-02 8.8 High
Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.