Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27070 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 9.3 HIGH | 7.3 HIGH |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||
| CVE-2021-26434 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-42309 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-39235 | 1 Apache | 1 Ozone | 2023-12-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. | |||||
| CVE-2023-46142 | 1 Phoenixcontact | 17 Axc F 1152, Axc F 1152 Firmware, Axc F 2152 and 14 more | 2023-12-21 | N/A | 8.8 HIGH |
| A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. | |||||
| CVE-2023-46141 | 1 Phoenixcontact | 31 Automationworx Software Suite, Axc 1050, Axc 1050 Firmware and 28 more | 2023-12-21 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device. | |||||
| CVE-2023-0757 | 1 Phoenixcontact | 2 Multiprog, Proconos Eclr | 2023-12-21 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. | |||||
| CVE-2023-49797 | 1 Pyinstaller | 1 Pyinstaller | 2023-12-19 | N/A | 7.8 HIGH |
| PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-6593 | 2 Apple, Devolutions | 2 Iphone Os, Remote Desktop Manager | 2023-12-15 | N/A | 9.8 CRITICAL |
| Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. | |||||
| CVE-2023-42924 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. | |||||
| CVE-2023-50446 | 1 Mullvad | 1 Mullvad Vpn | 2023-12-13 | N/A | 7.8 HIGH |
| An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. | |||||
| CVE-2023-40302 | 1 Netscout | 1 Ngeniuspulse | 2023-12-12 | N/A | 9.1 CRITICAL |
| NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | |||||
| CVE-2023-49946 | 1 Forgejo | 1 Forgejo | 2023-12-07 | N/A | 9.1 CRITICAL |
| In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions. | |||||
| CVE-2023-29065 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2023-12-05 | N/A | 4.3 MEDIUM |
| The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. | |||||
| CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2023-11-25 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2023-11-25 | N/A | 7.8 HIGH |
| Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). | |||||
| CVE-2023-34314 | 1 Intel | 1 Simics Simulator | 2023-11-21 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2023-11-21 | N/A | 7.8 HIGH |
| Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2023-11-21 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-48087 | 1 Xuxueli | 1 Xxl-job | 2023-11-21 | N/A | 5.4 MEDIUM |
| xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | |||||