Total
1405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-53931 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | |||||
CVE-2024-52328 | 2025-01-23 | N/A | 2.3 LOW | ||
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. | |||||
CVE-2024-11220 | 1 Openautomationsoftware | 1 Open Automation Software | 2025-01-23 | N/A | 7.8 HIGH |
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | |||||
CVE-2023-33004 | 1 Jenkins | 1 Tag Profiler | 2025-01-23 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. | |||||
CVE-2023-32979 | 1 Jenkins | 1 Email Extension | 2025-01-23 | N/A | 4.3 MEDIUM |
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | |||||
CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2025-01-22 | N/A | 7.8 HIGH |
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | |||||
CVE-2023-1692 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | N/A | 7.5 HIGH |
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2024-38337 | 2025-01-19 | N/A | 9.1 CRITICAL | ||
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments. | |||||
CVE-2024-9842 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | N/A | 7.3 HIGH |
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | |||||
CVE-2023-47712 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 7.8 HIGH |
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | |||||
CVE-2023-31874 | 1 Yank-note | 1 Yank Note | 2025-01-14 | N/A | 8.8 HIGH |
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). | |||||
CVE-2024-54910 | 2025-01-14 | N/A | 4.7 MEDIUM | ||
Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | |||||
CVE-2023-28346 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | N/A | 7.3 HIGH |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | |||||
CVE-2024-11497 | 2025-01-14 | N/A | 8.8 HIGH | ||
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | |||||
CVE-2025-0066 | 2025-01-14 | N/A | 9.9 CRITICAL | ||
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application | |||||
CVE-2024-7594 | 2025-01-10 | N/A | 7.5 HIGH | ||
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. | |||||
CVE-2023-28399 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | N/A | 7.8 HIGH |
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. | |||||
CVE-2024-47475 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 5.0 MEDIUM |
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2024-55411 | 2025-01-08 | N/A | 8.8 HIGH | ||
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | |||||
CVE-2024-49385 | 2025-01-02 | N/A | 5.5 MEDIUM | ||
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. |