Total
1265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28068 | 1 Dell | 1 Command \| Monitor | 2024-02-28 | N/A | 7.8 HIGH |
| Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | |||||
| CVE-2023-34797 | 1 Temenos | 1 Cwx | 2024-02-28 | N/A | 5.4 MEDIUM |
| Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. | |||||
| CVE-2023-25817 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | N/A | 8.1 HIGH |
| Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-02-28 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2023-35799 | 1 Stormshield | 1 Endpoint Security | 2024-02-28 | N/A | 5.5 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. | |||||
| CVE-2023-2876 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2024-02-28 | N/A | 6.1 MEDIUM |
| Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. | |||||
| CVE-2023-29860 | 1 Dtstack | 1 Taier | 2024-02-28 | N/A | 7.5 HIGH |
| An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. | |||||
| CVE-2023-1135 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 7.8 HIGH |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | |||||
| CVE-2023-30897 | 1 Siemens | 1 Wincc | 2024-02-28 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2023-35800 | 1 Stormshield | 1 Endpoint Security | 2024-02-28 | N/A | 4.3 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | |||||
| CVE-2022-3146 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-02-28 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2024-02-28 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-0207 | 1 Nvidia | 2 Dgx-2, Sbios | 2024-02-28 | N/A | 4.4 MEDIUM |
| NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | |||||
| CVE-2023-32992 | 1 Jenkins | 1 Saml Single Sign On | 2024-02-28 | N/A | 8.8 HIGH |
| Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | |||||
| CVE-2023-30512 | 1 Linuxfoundation | 1 Cubefs | 2024-02-28 | N/A | 6.5 MEDIUM |
| CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | |||||
| CVE-2023-32990 | 1 Jenkins | 1 Azure Vm Agents | 2024-02-28 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | |||||
| CVE-2023-1692 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
| The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-35147 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-33163 | 1 Ibm | 1 Security Directory Suite Va | 2024-02-28 | N/A | 8.1 HIGH |
| IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. | |||||
| CVE-2023-27096 | 1 Opengoofy | 1 Hippo4j | 2024-02-28 | N/A | 6.5 MEDIUM |
| Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. | |||||