Total
1310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. | ||||
| CVE-2023-31468 | 1 Inosoft | 1 Visiwin 7 | 2024-11-21 | 7.8 High |
| An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version. | ||||
| CVE-2023-31462 | 1 Steelseries | 1 Gg | 2024-11-21 | 8.8 High |
| An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. | ||||
| CVE-2023-31246 | 1 Intel | 1 Server Debug And Provisioning Tool | 2024-11-21 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | ||||
| CVE-2023-31067 | 1 Tsplus | 1 Tsplus Remote Access | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | ||||
| CVE-2023-2737 | 2 Microsoft, Thalesgroup | 2 Windows, Safenet Authentication Service | 2024-11-21 | 5.7 Medium |
| Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | ||||
| CVE-2023-29244 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | 6.7 Medium |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | 7.4 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | ||||
| CVE-2023-29081 | 1 Flexera | 1 Installshield | 2024-11-21 | 5.5 Medium |
| A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | ||||
| CVE-2023-28870 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-11-21 | 6.5 Medium |
| Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | ||||
| CVE-2023-28389 | 2024-11-21 | 6.7 Medium | ||
| Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2024-11-21 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27392 | 1 Intel | 1 Support | 2024-11-21 | 4.4 Medium |
| Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-11-21 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27195 | 1 Trimble | 1 Tm4web | 2024-11-21 | 9.8 Critical |
| Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges. | ||||
| CVE-2023-27133 | 1 Tsplus | 1 Tsplus Remote Work | 2024-11-21 | 9.8 Critical |
| TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product. | ||||
| CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | 7.8 High |
| Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-21 | 3 Low |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | ||||
| CVE-2023-21512 | 1 Samsung | 1 Android | 2024-11-21 | 2.4 Low |
| Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | ||||