Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-276
Total 743 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45153 2 Opensuse, Suse 3 Leap, Linux Enterprise Module For Sap Applications, Linux Enterprise Server 2023-02-24 N/A 7.8 HIGH
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
CVE-2023-22931 1 Splunk 2 Splunk, Splunk Cloud Platform 2023-02-23 N/A 4.3 MEDIUM
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
CVE-2022-45454 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2023-02-22 N/A 7.5 HIGH
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2023-23850 1 Jenkins 1 Synopsys Coverity 2023-02-22 N/A 4.3 MEDIUM
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-23848 1 Jenkins 1 Synopsys Coverity 2023-02-22 N/A 4.3 MEDIUM
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-47450 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2023-02-21 N/A 5.5 MEDIUM
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2021-3701 1 Redhat 1 Ansible Runner 2023-02-17 N/A 6.6 MEDIUM
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2023-21433 1 Samsung 1 Galaxy Store 2023-02-17 N/A 7.8 HIGH
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
CVE-2022-31254 2 Opensuse, Suse 4 Leap, Rmt-server, Linux Enterprise Server and 1 more 2023-02-14 N/A 7.8 HIGH
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
CVE-2012-4453 3 Dracut Project, Fedoraproject, Redhat 5 Dracut, Fedora, Enterprise Linux Desktop and 2 more 2023-02-12 2.1 LOW N/A
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
CVE-2021-3981 2 Fedoraproject, Gnu 2 Fedora, Grub2 2023-02-12 2.1 LOW 3.3 LOW
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
CVE-2016-5425 3 Apache, Oracle, Redhat 9 Tomcat, Instantis Enterprisetrack, Linux and 6 more 2023-02-12 7.2 HIGH 7.8 HIGH
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2021-20269 3 Fedoraproject, Kexec-tools Project, Redhat 3 Fedora, Kexec-tools, Enterprise Linux 2023-02-12 2.1 LOW 5.5 MEDIUM
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.
CVE-2022-2735 2 Clusterlabs, Debian 2 Pcs, Debian Linux 2023-02-12 N/A 7.8 HIGH
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVE-2022-45097 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 8.8 HIGH
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
CVE-2022-45099 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 7.8 HIGH
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise
CVE-2022-21704 2 Debian, Log4js Project 2 Debian Linux, Log4js 2023-02-03 2.1 LOW 5.5 MEDIUM
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.
CVE-2022-3432 1 Lenovo 2 Ideapad Y700-14isk, Ideapad Y700-14isk Firmware 2023-02-03 N/A 6.7 MEDIUM
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-3430 1 Lenovo 88 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro 16arh7 and 85 more 2023-02-03 N/A 6.7 MEDIUM
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2019-14603 1 Intel 1 Quartus Prime 2023-02-02 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.