Total
1236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0542 | 2025-01-25 | N/A | 7.8 HIGH | ||
| Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. | |||||
| CVE-2023-21107 | 1 Google | 1 Android | 2025-01-24 | N/A | 7.8 HIGH |
| In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017 | |||||
| CVE-2023-21104 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
| In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 | |||||
| CVE-2023-32996 | 1 Jenkins | 1 Saml Single Sign-on | 2025-01-23 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | |||||
| CVE-2024-11598 | 1 Ivanti | 1 Application Control | 2025-01-23 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-11597 | 1 Ivanti | 1 Performance Manager | 2025-01-23 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2023-43629 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24460 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | N/A | 8.2 HIGH |
| Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-46505 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
| Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | |||||
| CVE-2023-32999 | 1 Jenkins | 1 Appspider | 2025-01-23 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | |||||
| CVE-2023-30281 | 1 Storecommander | 1 Scquickaccounting | 2025-01-23 | N/A | 6.5 MEDIUM |
| Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email | |||||
| CVE-2023-33240 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-01-21 | N/A | 7.8 HIGH |
| Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | |||||
| CVE-2024-2819 | 1 Hitachi | 1 Ops Center Common Services | 2025-01-21 | N/A | 5.1 MEDIUM |
| Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | |||||
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2024-22889 | 1 Plone | 1 Plone | 2025-01-21 | N/A | 7.5 HIGH |
| Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. | |||||
| CVE-2023-29919 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-01-17 | N/A | 9.1 CRITICAL |
| SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | |||||
| CVE-2024-57684 | 2025-01-16 | N/A | 9.8 CRITICAL | ||
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||||
| CVE-2019-17365 | 1 Nixos | 1 Nix | 2025-01-15 | 4.6 MEDIUM | 7.8 HIGH |
| Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | |||||
| CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2025-01-14 | 3.6 LOW | 6.1 MEDIUM |
| A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | |||||