Total
1549 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20254 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Manager | 2024-11-21 | 7.2 High |
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition. | ||||
CVE-2023-20234 | 1 Cisco | 43 Firepower 1000, Firepower 1010, Firepower 1020 and 40 more | 2024-11-21 | 4.4 Medium |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability. | ||||
CVE-2023-20230 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | 5.4 Medium |
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. | ||||
CVE-2023-20216 | 1 Cisco | 12 Broadworks Application Delivery Platform, Broadworks Application Server, Broadworks Database Server and 9 more | 2024-11-21 | 4.4 Medium |
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. | ||||
CVE-2023-0757 | 1 Phoenixcontact | 2 Multiprog, Proconos Eclr | 2024-11-21 | 9.8 Critical |
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. | ||||
CVE-2022-48257 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 5.3 Medium |
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | ||||
CVE-2022-43946 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.3 High |
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | ||||
CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-38170 | 1 Apache | 1 Airflow | 2024-11-21 | 4.7 Medium |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | ||||
CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | 6.7 Medium |
IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | ||||
CVE-2022-37435 | 1 Apache | 1 Shenyu | 2024-11-21 | 8.8 High |
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | ||||
CVE-2022-36800 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | 4.3 Medium |
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | ||||
CVE-2022-36670 | 1 Pcprotect | 1 Endpoint | 2024-11-21 | 6.7 Medium |
PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | ||||
CVE-2022-35167 | 1 Prinitix | 1 Cloud Print Management | 2024-11-21 | 8.8 High |
Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | ||||
CVE-2022-34891 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.8 High |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395. | ||||
CVE-2022-34112 | 1 Dataease Project | 1 Dataease | 2024-11-21 | 6.5 Medium |
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. | ||||
CVE-2022-34043 | 1 Nomachine | 1 Nomachine | 2024-11-21 | 7.3 High |
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. | ||||
CVE-2022-34012 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 6.5 Medium |
Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | ||||
CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2024-11-21 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-33695 | 1 Google | 1 Android | 2024-11-21 | 5.1 Medium |
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. |