ReportizFlow
Filtered by vendor
Subscriptions
Total
1406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44201 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5 Medium |
| An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. | ||||
| CVE-2023-44120 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access. | ||||
| CVE-2023-42924 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. | ||||
| CVE-2023-42861 | 1 Apple | 1 Macos | 2024-11-21 | 6.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | ||||
| CVE-2023-42489 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | 7.5 High |
| EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | ||||
| CVE-2023-41776 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-11-21 | 6.7 Medium |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | ||||
| CVE-2023-41295 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | ||||
| CVE-2023-40754 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | 8.8 High |
| In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2023-40622 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 9.9 Critical |
| SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. | ||||
| CVE-2023-40516 | 1 Lg | 1 Simple Editor | 2024-11-21 | N/A |
| LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product sets incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20327. | ||||
| CVE-2023-40361 | 1 Secudos | 1 Qiata | 2024-11-21 | 7.8 High |
| SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | ||||
| CVE-2023-40302 | 1 Netscout | 1 Ngeniuspulse | 2024-11-21 | 9.1 Critical |
| NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | ||||
| CVE-2023-3915 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. | ||||
| CVE-2023-3322 | 1 Abb | 1 Zenon | 2024-11-21 | 7 High |
| A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | ||||
| CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2024-11-21 | 6.4 Medium |
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | ||||
| CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 6.7 Medium |
| Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39005 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 7.5 High |
| Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | ||||
| CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.8 Critical |
| Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | ||||
| CVE-2023-39003 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 7.5 High |
| OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | ||||
| CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 5.4 Medium |
| An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | ||||