Total: 1503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39005 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 7.5 HIGH |
| Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | |||||
| CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
| Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | |||||
| CVE-2023-39003 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 7.5 HIGH |
| OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | |||||
| CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | |||||
| CVE-2023-38640 | 1 Siemens | 1 Sicam Pas/pqs | 2024-11-21 | N/A | 6.6 MEDIUM |
| A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | |||||
| CVE-2023-38557 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-21 | N/A | 8.2 HIGH |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38497 | 2 Fedoraproject, Rust-lang | 2 Fedora, Cargo | 2024-11-21 | N/A | 7.9 HIGH |
| Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. | |||||
| CVE-2023-37237 | 1 Veritas | 1 Netbackup Appliance | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | |||||
| CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-11-21 | N/A | 5.4 MEDIUM |
| An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-36465 | 1 Decidim | 1 Decidim | 2024-11-21 | N/A | 9.1 CRITICAL |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in versions 0.26.8 and 0.27.4. | |||||
| CVE-2023-35870 | 1 Sap | 1 S4core | 2024-11-21 | N/A | 6.3 MEDIUM |
| When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable. | |||||
| CVE-2023-35800 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 4.3 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | |||||
| CVE-2023-35799 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 5.5 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. | |||||
| CVE-2023-35168 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 6.5 MEDIUM |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability. | |||||
| CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34981 | 1 Apache | 1 Tomcat | 2024-11-21 | N/A | 7.5 HIGH |
| A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak. | |||||
| CVE-2023-34797 | 1 Temenos | 1 Cwx | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information. | |||||
| CVE-2023-34437 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in its password retrieval functionality which could allow an attacker to access passwords stored on the device. | |||||
