Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28658 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-08-02 | 6.7 Medium |
| Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28522 | 1 Ibm | 1 Api Connect | 2024-08-02 | 4.3 Medium |
| IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | ||||
| CVE-2023-28399 | 1 Contec | 1 Conprosys Hmi System | 2024-08-02 | 7.8 High |
| Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. | ||||
| CVE-2023-28346 | 2 Faronics, Microsoft | 2 Insight, Windows | 2024-08-02 | 7.3 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | ||||
| CVE-2023-28123 | 1 Ui | 1 Desktop | 2024-08-02 | 5.5 Medium |
| A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | ||||
| CVE-2023-28133 | 1 Checkpoint | 1 Endpoint Security | 2024-08-02 | 7.8 High |
| Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | ||||
| CVE-2023-28068 | 1 Dell | 1 Command \| Monitor | 2024-08-02 | 7.3 High |
| Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | ||||
| CVE-2023-27084 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2024-08-02 | 5.3 Medium |
| Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | ||||
| CVE-2023-27095 | 1 Opengoofy | 1 Hippo4j | 2024-08-02 | 6.5 Medium |
| Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | ||||
| CVE-2023-27096 | 1 Opengoofy | 1 Hippo4j | 2024-08-02 | 6.5 Medium |
| Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. | ||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-08-02 | 3.2 Low |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | ||||
| CVE-2023-25817 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-02 | 3.5 Low |
| Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-25648 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-08-02 | 6.5 Medium |
| There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. | ||||
| CVE-2023-25438 | 1 Genomedics | 1 Millegpg | 2024-08-02 | 7.8 High |
| An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. | ||||
| CVE-2023-25150 | 1 Nextcloud | 1 Richdocuments | 2024-08-02 | 5.8 Medium |
| Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. | ||||
| CVE-2023-24205 | 1 Clash Project | 1 Clash | 2024-08-02 | 9.8 Critical |
| Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | ||||
| CVE-2023-23939 | 1 Microsoft | 1 Azure Setup Kubectl | 2024-08-02 | 3.9 Low |
| Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-23610 | 1 Glpi-project | 1 Glpi | 2024-08-02 | 6.5 Medium |
| GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6. | ||||
| CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2024-08-02 | 4 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | ||||
| CVE-2023-22326 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-08-02 | 4.9 Medium |
| In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||