Total
1230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24267 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | |||||
| CVE-2025-24170 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | |||||
| CVE-2025-24172 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. "Block All Remote Content" may not apply for all mail previews. | |||||
| CVE-2025-30465 | 1 Apple | 2 Ipados, Macos | 2025-04-04 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | |||||
| CVE-2022-45924 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.1 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem. | |||||
| CVE-2025-24238 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-04 | N/A | 9.8 CRITICAL |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | |||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | |||||
| CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2025-04-03 | 3.7 LOW | 7.8 HIGH |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
| CVE-2004-1778 | 1 Skype | 1 Skype | 2025-04-03 | 4.6 MEDIUM | N/A |
| Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | |||||
| CVE-1999-0426 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | |||||
| CVE-2022-48199 | 2 Microsoft, Softperfect | 2 Windows, Networx | 2025-04-02 | N/A | 8.8 HIGH |
| SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system. | |||||
| CVE-2022-47040 | 1 Askey | 2 Rtf3505vw-n1, Rtf3505vw-n1 Firmware | 2025-04-02 | N/A | 7.8 HIGH |
| An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. | |||||
| CVE-2022-20456 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
| In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780 | |||||
| CVE-2025-2781 | 2025-04-01 | N/A | N/A | ||
| The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11. | |||||
| CVE-2025-2782 | 2025-04-01 | N/A | N/A | ||
| The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10. | |||||
| CVE-2024-53351 | 1 Linuxfoundation | 1 Pipecd | 2025-04-01 | N/A | 9.8 CRITICAL |
| Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. | |||||
| CVE-2023-46270 | 2025-03-28 | N/A | 3.3 LOW | ||
| MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items. | |||||
| CVE-2024-26574 | 1 Wondershare | 1 Filmora | 2025-03-28 | N/A | 7.8 HIGH |
| Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe | |||||