Total
1427 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1939 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-10 | N/A | 4.3 MEDIUM |
| No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | |||||
| CVE-2023-30512 | 1 Linuxfoundation | 1 Cubefs | 2025-02-07 | N/A | 6.5 MEDIUM |
| CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | |||||
| CVE-2024-25645 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-02-07 | N/A | 5.3 MEDIUM |
| Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application. | |||||
| CVE-2024-28163 | 1 Sap | 1 Netweaver Process Integration | 2025-02-07 | N/A | 5.3 MEDIUM |
| Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||
| CVE-2025-0374 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
| When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. | |||||
| CVE-2025-21325 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-02-07 | N/A | 7.8 HIGH |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | |||||
| CVE-2024-57520 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function | |||||
| CVE-2024-57068 | 2025-02-06 | N/A | 7.5 HIGH | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2023-28123 | 1 Ui | 1 Desktop | 2025-02-05 | N/A | 5.5 MEDIUM |
| A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | |||||
| CVE-2024-36294 | 1 Intel | 1 Driver \& Support Assistant | 2025-02-04 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36276 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-41970 | 2025-02-04 | N/A | 5.7 MEDIUM | ||
| A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | |||||
| CVE-2024-29964 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 5.7 MEDIUM |
| Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | |||||
| CVE-2024-41974 | 2025-02-03 | N/A | 7.1 HIGH | ||
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | |||||
| CVE-2024-39967 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. | |||||
| CVE-2023-31748 | 1 Wondershare | 1 Mobiletrans | 2025-01-31 | N/A | 7.8 HIGH |
| Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | |||||
| CVE-2023-33251 | 2 Lightbend, Linux | 2 Akka Http, Linux Kernel | 2025-01-31 | N/A | 4.7 MEDIUM |
| When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | |||||
| CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | |||||
| CVE-2024-7513 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
| CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. | |||||
| CVE-2024-6435 | 1 Rockwellautomation | 1 Pavilion8 | 2025-01-31 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. | |||||