Export limit exceeded: 334640 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35938 | 1 Enalean | 1 Tuleap | 2024-11-21 | 4.1 Medium |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-34034 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Security | 2024-11-21 | 9.1 Critical |
| Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | ||||
| CVE-2023-30735 | 1 Samsung | 1 Sassistant | 2024-11-21 | 5.1 Medium |
| Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. | ||||
| CVE-2023-2993 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-21 | 5.4 Medium |
| A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | ||||
| CVE-2023-2818 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 5.5 Medium |
| An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. | ||||
| CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2024-11-21 | 4 Medium |
| Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | ||||
| CVE-2023-21249 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-1386 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 3.3 Low |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. | ||||
| CVE-2022-47637 | 3 Apachefriends, Microsoft, Xampp | 3 Xampp, Windows, Apache Distribution | 2024-11-21 | 6.7 Medium |
| The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | ||||
| CVE-2022-43910 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 8.4 High |
| IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908. | ||||
| CVE-2022-32969 | 1 Metamask | 1 Metamask | 2024-11-21 | 5.9 Medium |
| MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. | ||||
| CVE-2022-31755 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.5 Medium |
| The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2022-31262 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. | ||||
| CVE-2022-31237 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 3.3 Low |
| Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | ||||
| CVE-2022-2787 | 1 Debian | 2 Debian Linux, Schroot | 2024-11-21 | 4.3 Medium |
| Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | ||||
| CVE-2022-29594 | 2 Eginnovations, Microsoft | 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more | 2024-11-21 | 7.8 High |
| eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | ||||
| CVE-2022-26612 | 2 Apache, Microsoft | 2 Hadoop, Windows | 2024-11-21 | 9.8 Critical |
| In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 | ||||
| CVE-2022-25265 | 3 Linux, Netapp, Redhat | 20 Linux Kernel, Baseboard Management Controller Firmware, H300e and 17 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | ||||
| CVE-2022-24618 | 1 Heimdalsecurity | 1 Heimdal Premium Security | 2024-11-21 | 7.8 High |
| Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer. | ||||
| CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.3 Medium |
| Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | ||||