Total
883 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2023-05-06 | N/A | 7.5 HIGH |
| An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | |||||
| CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2023-05-05 | N/A | 7.8 HIGH |
| On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | |||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2023-05-04 | N/A | 7.8 HIGH |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | |||||
| CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2023-04-28 | N/A | 5.3 MEDIUM |
| PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | |||||
| CVE-2023-28966 | 1 Juniper | 1 Junos Os Evolved | 2023-04-27 | N/A | 7.8 HIGH |
| An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. | |||||
| CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2023-04-21 | N/A | 9.8 CRITICAL |
| Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. | |||||
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2023-04-11 | N/A | 8.8 HIGH |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. | |||||
| CVE-2022-48360 | 1 Huawei | 2 Emui, Harmonyos | 2023-04-03 | N/A | 7.5 HIGH |
| The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | |||||
| CVE-2020-17381 | 1 Ghisler | 1 Total Commander | 2023-03-15 | 4.4 MEDIUM | 7.3 HIGH |
| An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. | |||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | |||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | |||||
| CVE-2023-1229 | 1 Google | 1 Chrome | 2023-03-11 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-36397 | 1 Intel | 1 Quickassist Technology | 2023-03-06 | N/A | 7.8 HIGH |
| Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33196 | 1 Intel | 272 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 269 more | 2023-03-06 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0215 | 1 Google | 1 Android | 2023-03-03 | 4.4 MEDIUM | 7.8 HIGH |
| In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 | |||||
| CVE-2020-11716 | 1 Panasonic | 12 Eluga Ray 530, Eluga Ray 530 Firmware, Eluga Ray 600 and 9 more | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2023-03-01 | N/A | 8.8 HIGH |
| Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | |||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2023-03-01 | N/A | 9.8 CRITICAL |
| An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | |||||
| CVE-2022-45153 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise Module For Sap Applications, Linux Enterprise Server | 2023-02-24 | N/A | 7.8 HIGH |
| An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. | |||||