Total
1384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35183 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | |||||
| CVE-2023-35181 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.8 HIGH |
| The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | |||||
| CVE-2023-34315 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-33966 | 1 Deno | 2 Deno, Deno Runtime | 2024-11-21 | N/A | 8.6 HIGH |
| Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. | |||||
| CVE-2023-33745 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). | |||||
| CVE-2023-32698 | 1 Goreleaser | 1 Nfpm | 2024-11-21 | N/A | 7.1 HIGH |
| nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders. | |||||
| CVE-2023-32663 | 1 Intel | 1 Realsense Software Development Kit | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32638 | 1 Intel | 1 Arc Rgb Controller | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32547 | 2 Intel, Topconpositioning | 2 Falcon 8\+, Mavinci Desktop | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32543 | 1 Intel | 1 Intelligent Test System | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. | |||||
| CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2024-11-21 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. | |||||
| CVE-2023-31468 | 1 Inosoft | 1 Visiwin 7 | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version. | |||||
| CVE-2023-31462 | 1 Steelseries | 1 Gg | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. | |||||
| CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | |||||
| CVE-2023-31067 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | |||||
| CVE-2023-2749 | 1 Asustor | 2 Adm, Download Center | 2024-11-21 | N/A | 8.6 HIGH |
| Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | |||||
| CVE-2023-29838 | 1 Allwaysync | 1 Allwaysync | 2024-11-21 | N/A | 7.8 HIGH |
| Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. | |||||
| CVE-2023-29244 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||