Search Results (1546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38335 1 Omnis 1 Studio 2024-11-21 5.3 Medium
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".
CVE-2023-38334 1 Omnis 1 Studio 2024-11-21 6.5 Medium
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
CVE-2023-37878 1 Wftpserver 1 Wing Ftp Server 2024-11-21 6.1 Medium
Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.
CVE-2023-37572 1 Softing 1 Opc 2024-11-21 7.5 High
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.
CVE-2023-35183 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.8 High
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
CVE-2023-35181 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.8 High
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
CVE-2023-34315 1 Intel 1 Virtual Raid On Cpu 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33745 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 9.8 Critical
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
CVE-2023-32663 1 Intel 1 Realsense Software Development Kit 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32638 1 Intel 1 Arc Rgb Controller 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32547 3 Intel, Mavinci Desktop Software For Intel Falcon 8 Plus, Topconpositioning 3 Falcon 8\+, Mavinci Desktop Software For Intel Falcon 8 Plus, Mavinci Desktop 2024-11-21 6.7 Medium
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32543 1 Intel 1 Intelligent Test System 2024-11-21 6.7 Medium
Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32183 1 Opensuse 1 Tumbleweed 2024-11-21 7.8 High
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.
CVE-2023-31468 1 Inosoft 1 Visiwin 7 2024-11-21 7.8 High
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
CVE-2023-31462 1 Steelseries 1 Gg 2024-11-21 8.8 High
An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.
CVE-2023-31246 1 Intel 1 Server Debug And Provisioning Tool 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31067 1 Tsplus 1 Tsplus Remote Access 2024-11-21 9.8 Critical
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
CVE-2023-2737 2 Microsoft, Thalesgroup 2 Windows, Safenet Authentication Service 2024-11-21 5.7 Medium
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.
CVE-2023-28870 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 6.5 Medium
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
CVE-2023-27505 1 Intel 1 Advanced Link Analyzer 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.