Total: 1266 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-20234 | 1 Cisco | 43 Firepower 1000, Firepower 1010, Firepower 1020 and 40 more | 2024-11-21 | N/A | 4.4 MEDIUM | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
CVE-2023-20230 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | N/A | 5.4 MEDIUM | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
CVE-2023-20216 | 1 Cisco | 12 Broadworks Application Delivery Platform, Broadworks Application Server, Broadworks Database Server and 9 more | 2024-11-21 | N/A | 4.4 MEDIUM | A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.
CVE-2023-20200 | 1 Cisco | 15 Firepower 4112, Firepower 4112 Firmware, Firepower 4115 and 12 more | 2024-11-21 | N/A | 7.7 HIGH | A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.
CVE-2023-1939 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | N/A | 4.3 MEDIUM | No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non-admin users to see OTP keys via the user interface.
CVE-2023-1692 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH | The window management module lacks permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-1516 | 1 Robodk | 1 Robodk | 2024-11-21 | N/A | 7.9 HIGH | RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.
CVE-2023-1135 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.8 HIGH | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.
CVE-2023-0944 | 1 Imaworldhealth | 1 Bhima | 2024-11-21 | N/A | 4.3 MEDIUM | Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR: it does not correctly validate user permissions with respect to certain actions that can be performed by the user.
CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2024-11-21 | N/A | 7.0 HIGH | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1.
CVE-2023-0757 | 1 Phoenixcontact | 2 Multiprog, Proconos Eclr | 2024-11-21 | N/A | 9.8 CRITICAL | Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
CVE-2023-0225 | 1 Samba | 1 Samba | 2024-11-21 | N/A | 4.3 MEDIUM | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
CVE-2023-0207 | 1 Nvidia | 2 Dgx-2, Sbios | 2024-11-21 | N/A | 7.5 HIGH | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.
CVE-2022-4630 | 1 Daloradius | 1 Daloradius | 2024-11-21 | N/A | 5.3 MEDIUM | Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
CVE-2022-48257 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | N/A | 5.3 MEDIUM | In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
CVE-2022-47927 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | N/A | 5.5 MEDIUM | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world-readable to local users. These files include credentials data.
CVE-2022-46656 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-46338 | 2 Debian, G810-led Project | 2 Debian Linux, G810-led | 2024-11-21 | N/A | 6.5 MEDIUM | g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
CVE-2022-45307 | 1 Chocolatey | 1 Chocolatey Php | 2024-11-21 | N/A | 4.3 MEDIUM | Insecure permissions in Chocolatey PHP package v8.1.12 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2024-11-21 | N/A | 4.3 MEDIUM | Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.