Total
1220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30527 | 1 Siemens | 1 Sinec Nms | 2023-10-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2023-10-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | |||||
| CVE-2023-45369 | 1 Mediawiki | 1 Mediawiki | 2023-10-12 | N/A | 4.3 MEDIUM |
| An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. | |||||
| CVE-2023-45364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-10-12 | N/A | 5.3 MEDIUM |
| An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | |||||
| CVE-2023-36465 | 1 Decidim | 1 Decidim | 2023-10-11 | N/A | 7.1 HIGH |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | |||||
| CVE-2023-39005 | 1 Opnsense | 1 Opnsense | 2023-10-10 | N/A | 7.5 HIGH |
| Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | |||||
| CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2023-10-10 | N/A | 9.8 CRITICAL |
| Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | |||||
| CVE-2023-39003 | 1 Opnsense | 1 Opnsense | 2023-10-10 | N/A | 7.5 HIGH |
| OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | |||||
| CVE-2023-5077 | 1 Hashicorp | 1 Vault | 2023-10-02 | N/A | 7.5 HIGH |
| The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | |||||
| CVE-2023-4565 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-29 | N/A | 5.3 MEDIUM |
| Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. | |||||
| CVE-2023-20254 | 1 Cisco | 1 Sd-wan Manager | 2023-09-29 | N/A | 8.8 HIGH |
| A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition. | |||||
| CVE-2023-38557 | 1 Siemens | 1 Spectrum Power 7 | 2023-09-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2023-4665 | 1 Saphira | 1 Connect | 2023-09-20 | N/A | 8.8 HIGH |
| Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2023-09-17 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-4777 | 1 Qualys | 1 Container Scanning Connector | 2023-09-13 | N/A | 4.3 MEDIUM |
| An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | |||||
| CVE-2023-32162 | 2 Microsoft, Wacom | 2 Windows, Driver | 2023-09-11 | N/A | 7.8 HIGH |
| Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318. | |||||
| CVE-2023-34391 | 2 Microsoft, Selinc | 2 Windows, Sel-5033 Acselerator Real-time Automation Controller | 2023-09-06 | N/A | 5.5 MEDIUM |
| Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | |||||
| CVE-2023-3915 | 1 Gitlab | 1 Gitlab | 2023-09-01 | N/A | 7.2 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. | |||||
| CVE-2023-4228 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-08-29 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | |||||