Total: 883 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46743 | 1 Xwiki | 1 Application-collabora | 2023-11-17 | N/A | 4.3 MEDIUM |
| application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right will be preserved for all future users until the editing session is closed, even if some of them have only view right. The Collabora server is the one issuing this request, and it seems that the `userCanWrite` query parameter is cached even though, for example, the token is not. This issue has been patched in version 1.3. | |||||
| CVE-2022-36377 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2023-11-14 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2023-11-09 | N/A | 7.8 HIGH |
| Ivanti Avalanche incorrect default permissions allow local privilege escalation. | |||||
| CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2023-11-08 | N/A | 6.7 MEDIUM |
| A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot. | |||||
| CVE-2023-4065 | 1 Redhat | 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | |||||
| CVE-2023-32547 | 2 Intel, Topconpositioning | 2 Falcon 8+, Mavinci Desktop | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32543 | 1 Intel | 1 Intelligent Test System | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27593 | 1 Cilium | 1 Cilium | 2023-11-07 | N/A | 5.5 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | |||||
| CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27392 | 1 Intel | 1 Support | 2023-11-07 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25941 | 1 Dell | 1 Emc Powerscale Onefs | 2023-11-07 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | |||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2023-11-07 | N/A | 7.1 HIGH |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | |||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2023-11-07 | N/A | 4.3 MEDIUM |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credential IDs of credentials stored in Jenkins. | |||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2023-11-07 | N/A | 4.3 MEDIUM |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credential IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-4039 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | |||||
| CVE-2022-4020 | 1 Acer | 10 Aspire A115-21, Aspire A115-21 Firmware, Aspire A315-22 and 7 more | 2023-11-07 | N/A | 8.2 HIGH |
| Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | |||||
| CVE-2022-46774 | 1 Ibm | 2 Manage Application, Maximo Application Suite | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions, which could give a user access to actions that they should not have access to. IBM X-Force ID: 242953. | |||||
