Total
1627 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7594 | 2 Hashicorp, Openbao | 2 Vault, Openbao | 2025-11-13 | N/A | 7.5 HIGH |
| Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. | |||||
| CVE-2025-34135 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 4.4 MEDIUM |
| Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses. | |||||
| CVE-2025-34287 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 7.8 HIGH |
| Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation. | |||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-11-06 | 9.3 HIGH | 7.8 HIGH |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | |||||
| CVE-2024-57520 | 1 Sangoma | 1 Asterisk | 2025-11-06 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. | |||||
| CVE-2025-27446 | 1 Apache | 1 Apisix | 2025-11-04 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue. | |||||
| CVE-2023-42924 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. | |||||
| CVE-2022-48257 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2025-11-04 | N/A | 5.3 MEDIUM |
| In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | |||||
| CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | |||||
| CVE-2023-32724 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 9.1 CRITICAL |
| Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | |||||
| CVE-2022-23132 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2025-11-03 | 7.5 HIGH | 3.3 LOW |
| During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | |||||
| CVE-2025-21566 | 1 Oracle | 1 Mysql Server | 2025-11-03 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-21523 | 1 Oracle | 1 Mysql Server | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-21520 | 1 Oracle | 2 Mysql Cluster, Mysql Server | 2025-11-03 | N/A | 1.8 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-43268 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-43266 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.1 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43247 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files. | |||||
| CVE-2025-30688 | 1 Oracle | 1 Mysql Server | 2025-11-03 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-30687 | 1 Oracle | 1 Mysql Server | 2025-11-03 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-30685 | 1 Oracle | 1 Mysql Server | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||