Vulnerabilities (CVE)

Filtered by CWE-732
Total 1405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-53931 2025-01-23 N/A 9.1 CRITICAL
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component.
CVE-2024-52328 2025-01-23 N/A 2.3 LOW
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
CVE-2024-11220 1 Openautomationsoftware 1 Open Automation Software 2025-01-23 N/A 7.8 HIGH
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
CVE-2023-33004 1 Jenkins 1 Tag Profiler 2025-01-23 N/A 4.3 MEDIUM
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.
CVE-2023-32979 1 Jenkins 1 Email Extension 2025-01-23 N/A 4.3 MEDIUM
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
CVE-2023-31871 1 Opentext 1 Documentum Content Server 2025-01-22 N/A 7.8 HIGH
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.
CVE-2023-1692 1 Huawei 2 Emui, Harmonyos 2025-01-21 N/A 7.5 HIGH
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2024-38337 2025-01-19 N/A 9.1 CRITICAL
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
CVE-2024-9842 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-17 N/A 7.3 HIGH
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
CVE-2023-47712 1 Ibm 1 Security Guardium 2025-01-14 N/A 7.8 HIGH
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
CVE-2023-31874 1 Yank-note 1 Yank Note 2025-01-14 N/A 8.8 HIGH
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
CVE-2024-54910 2025-01-14 N/A 4.7 MEDIUM
Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function.
CVE-2023-28346 2 Faronics, Microsoft 2 Insight, Windows 2025-01-14 N/A 7.3 HIGH
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.
CVE-2024-11497 2025-01-14 N/A 8.8 HIGH
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
CVE-2025-0066 2025-01-14 N/A 9.9 CRITICAL
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
CVE-2024-7594 2025-01-10 N/A 7.5 HIGH
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
CVE-2023-28399 1 Contec 1 Conprosys Hmi System 2025-01-09 N/A 7.8 HIGH
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.
CVE-2024-47475 1 Dell 1 Powerscale Onefs 2025-01-09 N/A 5.0 MEDIUM
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2024-55411 2025-01-08 N/A 8.8 HIGH
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests.
CVE-2024-49385 2025-01-02 N/A 5.5 MEDIUM
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736.