Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49721 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | |||||
| CVE-2023-47462 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | |||||
| CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | |||||
| CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2024-11-21 | N/A | 8.8 HIGH |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. | |||||
| CVE-2023-46870 | 2024-11-21 | N/A | 7.3 HIGH | ||
| extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts. | |||||
| CVE-2023-46773 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
| Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | |||||
| CVE-2023-46743 | 1 Xwiki | 1 Application-collabora | 2024-11-21 | N/A | 7.3 HIGH |
| application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. | |||||
| CVE-2023-45990 | 1 Wenwen-ai | 1 Wenwenai Cms | 2024-11-21 | N/A | 8.0 HIGH |
| Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. | |||||
| CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2024-11-21 | N/A | 4.9 MEDIUM |
| Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem | |||||
| CVE-2023-44194 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 8.4 HIGH |
| An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1. | |||||
| CVE-2023-44157 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | |||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2024-11-21 | N/A | 7.5 HIGH |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | |||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 8.8 HIGH |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | |||||
| CVE-2023-43081 | 1 Dell | 1 Powerprotect Agent For File System | 2024-11-21 | N/A | 4.0 MEDIUM |
| PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. | |||||
| CVE-2023-42774 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. | |||||
| CVE-2023-42668 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-42433 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-42261 | 1 Opensecurity | 1 Mobile Security Framework | 2024-11-21 | N/A | 7.5 HIGH |
| Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. | |||||
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | |||||