Total
1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning Software | 2024-10-15 | 5.5 Medium |
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | ||||
CVE-2023-6273 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-11 | 5.3 Medium |
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-37572 | 1 Softing | 1 Opc | 2024-10-11 | 7.5 High |
Softing OPC Suite version 5.25 and before has Incorrect Access Control, which allows attackers to obtain sensitive information via weak permissions in the OSF_discovery service. The service executable could be changed or the service could be deleted. | ||||
CVE-2024-1605 | | | 2024-10-10 | 6.6 Medium |
BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Leveraging this leads to loading of potentially malicious libraries, which will execute with the application's privileges. The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201. | ||||
CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2024-10-10 | 6.7 Medium |
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2024-10-10 | 6.7 Medium |
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32547 | 3 Intel, Mavinci Desktop Software For Intel Falcon 8 Plus, Topconpositioning | 3 Falcon 8+, Mavinci Desktop Software For Intel Falcon 8 Plus, Mavinci Desktop | 2024-10-10 | 6.7 Medium |
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32543 | 1 Intel | 1 Intelligent Test System | 2024-10-10 | 6.7 Medium |
Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-1229 | 1 Google | 1 Chrome | 2024-10-09 | 4.3 Medium |
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-4065 | 1 Redhat | 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more | 2024-10-09 | 5.5 Medium |
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | ||||
CVE-2024-38222 | 1 Microsoft | 2 Edge, Edge Chromium | 2024-10-09 | 6.5 Medium |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2023-38497 | 3 Fedoraproject, Redhat, Rust-lang | 5 Fedora, Devtools, Enterprise Linux and 2 more | 2024-10-08 | 7.8 High |
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. | ||||
CVE-2022-36803 | 1 Atlassian | 1 Jira Align | 2024-10-02 | 8.8 High |
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. | ||||
CVE-2023-27392 | 1 Intel | 1 Support | 2024-10-02 | 4.4 Medium |
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | ||||
CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2024-10-01 | 5.3 Medium |
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or modification of files. | ||||
CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2024-10-01 | 5.7 Medium |
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | ||||
CVE-2023-43081 | 1 Dell | 1 Powerprotect Agent For File System | 2024-10-01 | 4 Medium |
PowerProtect Agent for File System Version 19.14 and prior contains an incorrect default permissions vulnerability in the ddfscon component. A low-privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. | ||||
CVE-2023-34352 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-09-30 | 5.3 Medium |
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | ||||
CVE-2023-31067 | 1 Tsplus | 1 Tsplus Remote Access | 2024-09-26 | 9.8 Critical |
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | ||||
CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Access | 2024-09-26 | 9.8 Critical |
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. |