Total
1379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12763 | 3 Apple, Linux, Nomachine | 3 Mac Os X, Linux Kernel, Nomachine | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | |||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | |||||
| CVE-2017-12230 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062. | |||||
| CVE-2017-9505 | 1 Atlassian | 1 Confluence | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. | |||||
| CVE-2017-5686 | 1 Intel | 4 Nuc6i3syh Bios, Nuc6i3syk, Nuc6i3syk Bios and 1 more | 2025-04-20 | 2.1 LOW | 3.9 LOW |
| The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. | |||||
| CVE-2022-48685 | 1 Logpoint | 1 Siem | 2025-04-18 | N/A | 7.7 HIGH |
| An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | |||||
| CVE-2024-34221 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 8.8 HIGH |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | |||||
| CVE-2024-34223 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 4.3 MEDIUM |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | |||||
| CVE-2022-47551 | 1 Apiman | 1 Apiman | 2025-04-17 | N/A | 6.5 MEDIUM |
| Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability. | |||||
| CVE-2024-22085 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 6.2 MEDIUM |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | |||||
| CVE-2022-29909 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-3155 | 2 Apple, Mozilla | 2 Macos, Thunderbird | 2025-04-15 | N/A | 7.8 HIGH |
| When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | |||||
| CVE-2019-9579 | 3 Illumos, Nexenta, Oracle | 3 Illumos, Nexentastor, Solaris | 2025-04-14 | N/A | 8.1 HIGH |
| An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). | |||||
| CVE-2015-7985 | 1 Valvesoftware | 1 Steam Client | 2025-04-12 | 7.2 HIGH | N/A |
| Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||||
| CVE-2016-3943 | 1 Watchguard | 1 Panda Endpoint Administration Agent | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | |||||
| CVE-2016-5425 | 3 Apache, Oracle, Redhat | 9 Tomcat, Instantis Enterprisetrack, Linux and 6 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | |||||
| CVE-2015-7378 | 1 Watchguard | 1 Panda Url Filtering | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | |||||
| CVE-2024-57548 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 9.1 CRITICAL |
| CMSimple 5.16 allows the user to edit log.php file via print page. | |||||
| CVE-2025-23386 | 2025-04-11 | N/A | 7.8 HIGH | ||
| A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. | |||||
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 5 Dracut, Fedora, Enterprise Linux Desktop and 2 more | 2025-04-11 | 2.1 LOW | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | |||||