Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3972 | 1 Redhat | 19 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | |||||
| CVE-2023-37243 | 2 Atera, Microsoft | 2 Agent Package Availability, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | |||||
| CVE-2023-32450 | 1 Dell | 1 Power Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | |||||
| CVE-2023-26396 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-21612 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-21611 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-24823 | 3 Netapp, Netty, Oracle | 5 Active Iq Unified Manager, Oncommand Workflow Automation, Snapcenter and 2 more | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. | |||||
| CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
| Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
| CVE-2021-43017 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
| Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-40776 | 3 Adobe, Apple, Microsoft | 3 Lightroom, Macos, Windows | 2024-11-21 | 6.6 MEDIUM | 6.1 MEDIUM |
| Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-40708 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
| Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability. | |||||
| CVE-2021-39828 | 2 Adobe, Apple | 2 Digital Editions, Macos | 2024-11-21 | 6.8 MEDIUM | 5.8 MEDIUM |
| Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-39827 | 2 Adobe, Apple | 2 Digital Editions, Macos | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-36002 | 1 Adobe | 1 Captivate | 2024-11-21 | 4.4 MEDIUM | 5.0 MEDIUM |
| Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. | |||||
| CVE-2021-31411 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
| Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds. | |||||
| CVE-2021-29428 | 2 Gradle, Quarkus | 2 Gradle, Quarkus | 2024-11-21 | 4.4 MEDIUM | 8.8 HIGH |
| In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory. | |||||
| CVE-2021-28633 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | |||||
| CVE-2021-28623 | 2 Adobe, Microsoft | 2 Premiere Elements, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-28613 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
| Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction. | |||||
| CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||