CVE-2023-28600

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-378
View all →

Vulnerability Description

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

Related Vulnerabilities

CVE-2021-21290

MEDIUM
CVSS:5.5(Medium)

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final...

CWE-3782021

CVE-2021-28168

MEDIUM
CVSS:5.5(Medium)

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of th...

CWE-3782021

CVE-2022-24823

MEDIUM
CVSS:5.5(Medium)

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290....

CWE-3782022

CVE-2023-0482

MEDIUM
CVSS:5.5(Medium)

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a l...

CWE-3782023

CVE-2023-26603

MEDIUM
CVSS:5.9(Medium)

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.

CWE-3782023

CVE-2024-52543

MEDIUM
CVSS:4.4(Medium)

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulner...

CWE-3782024