Total
1371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2025-04-03 | 2.1 LOW | 7.1 HIGH |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | |||||
| CVE-2004-1714 | 1 Iss | 2 Blackice Pc Protection, Blackice Server Protection | 2025-04-03 | 2.1 LOW | 7.1 HIGH |
| BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | |||||
| CVE-2023-20923 | 1 Google | 1 Android | 2025-04-02 | N/A | 5.5 MEDIUM |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | |||||
| CVE-2021-22117 | 2 Broadcom, Microsoft | 2 Rabbitmq Server, Windows | 2025-04-02 | 4.6 MEDIUM | 7.8 HIGH |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | |||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | |||||
| CVE-2024-30413 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-29078 | 2025-03-28 | N/A | 7.5 HIGH | ||
| Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. | |||||
| CVE-2023-52715 | 1 Huawei | 1 Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 8.8 HIGH |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | |||||
| CVE-2024-12151 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.0 MEDIUM |
| Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | |||||
| CVE-2024-12149 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 8.1 HIGH |
| Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | |||||
| CVE-2024-10209 | 2025-03-27 | N/A | N/A | ||
| An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | |||||
| CVE-2025-20233 | 2025-03-27 | N/A | 2.5 LOW | ||
| In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user. | |||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | |||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | |||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | |||||
| CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2025-03-25 | N/A | 6.7 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | |||||
| CVE-2025-0590 | 2025-03-24 | N/A | 7.5 HIGH | ||
| Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | |||||
| CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2025-03-19 | N/A | 8.1 HIGH |
| An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | |||||
| CVE-2024-8900 | 1 Mozilla | 1 Firefox | 2025-03-18 | N/A | 7.5 HIGH |
| An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | |||||