Total
743 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27593 | 2023-03-19 | N/A | N/A | ||
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | |||||
CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | |||||
CVE-2020-17381 | 1 Ghisler | 1 Total Commander | 2023-03-15 | 4.4 MEDIUM | 7.3 HIGH |
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. | |||||
CVE-2020-36652 | 2 Hitachi, Linux | 6 Automation Director, Infrastructure Analytics Advisor, Ops Center Analyzer and 3 more | 2023-03-13 | N/A | 7.1 HIGH |
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | |||||
CVE-2023-1229 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2023-03-09 | N/A | 7.1 HIGH |
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | |||||
CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2023-03-08 | N/A | 7.1 HIGH |
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | |||||
CVE-2022-36397 | 1 Intel | 1 Quickassist Technology | 2023-03-06 | N/A | 7.8 HIGH |
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-33196 | 1 Intel | 272 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 269 more | 2023-03-06 | N/A | 6.7 MEDIUM |
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-03-03 | 4.6 MEDIUM | 7.4 HIGH |
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
CVE-2020-0215 | 1 Google | 1 Android | 2023-03-02 | 4.4 MEDIUM | 7.8 HIGH |
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 | |||||
CVE-2020-11716 | 1 Panasonic | 12 Eluga Ray 530, Eluga Ray 530 Firmware, Eluga Ray 600 and 9 more | 2023-03-02 | 7.5 HIGH | 9.8 CRITICAL |
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||||
CVE-2021-39635 | 1 Google | 1 Android | 2023-03-01 | 9.4 HIGH | 9.1 CRITICAL |
ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | |||||
CVE-2021-39658 | 1 Google | 1 Android | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | |||||
CVE-2022-40232 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-03-01 | N/A | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | |||||
CVE-2020-13867 | 2 Fedoraproject, Targetcli-fb Project | 2 Fedora, Targetcli-fb | 2023-03-01 | 2.1 LOW | 5.5 MEDIUM |
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | |||||
CVE-2020-36605 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2023-03-01 | N/A | 4.4 MEDIUM |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | |||||
CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2023-03-01 | N/A | 8.8 HIGH |
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | |||||
CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2023-03-01 | N/A | 9.8 CRITICAL |
An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | |||||
CVE-2022-25992 | 1 Intel | 1 Oneapi-cli | 2023-02-28 | N/A | 7.8 HIGH |
Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |