Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
|
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
|
|||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
|
|||||
| CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2025-04-03 | 3.7 LOW | 7.8 HIGH |
|
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
|
|||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
|
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
|
|||||
| CVE-2004-1778 | 1 Skype | 1 Skype | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.
|
|||||
| CVE-1999-0426 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
|
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
|
|||||
| CVE-2022-48199 | 2 Microsoft, Softperfect | 2 Windows, Networx | 2025-04-02 | N/A | 8.8 HIGH |
|
SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every us ...
Show More |
|||||
| CVE-2022-47040 | 1 Askey | 2 Rtf3505vw-n1, Rtf3505vw-n1 Firmware | 2025-04-02 | N/A | 7.8 HIGH |
|
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.
|
|||||
| CVE-2022-20456 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
|
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780
|
|||||
| CVE-2025-2781 | 2025-04-01 | N/A | N/A | ||
|
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.
This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
|
|||||
| CVE-2025-2782 | 2025-04-01 | N/A | N/A | ||
|
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.
This issue affects Terminal Services Agent: from 12.0 through 12.10.
|
|||||
| CVE-2024-53351 | 1 Linuxfoundation | 1 Pipecd | 2025-04-01 | N/A | 9.8 CRITICAL |
|
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
|
|||||
| CVE-2023-46270 | 2025-03-28 | N/A | 3.3 LOW | ||
|
MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items.
|
|||||
| CVE-2024-26574 | 1 Wondershare | 1 Filmora | 2025-03-28 | N/A | 7.8 HIGH |
|
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe
|
|||||
| CVE-2025-25535 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
|
HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
|
|||||
| CVE-2022-23454 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
|
|||||
| CVE-2022-23453 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
|
|||||
| CVE-2024-26302 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 4.8 MEDIUM |
|
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
|
|||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | N/A | 8.8 HIGH |
|
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
|
|||||
| CVE-2024-54564 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
|
|||||
| CVE-2024-51440 | 2025-03-22 | N/A | 7.8 HIGH | ||
|
An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component.
|
|||||
| CVE-2023-1809 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
|
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.
|
|||||
| CVE-2025-27612 | 2025-03-21 | N/A | 5.9 MEDIUM | ||
|
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, sim ...
Show More |
|||||
| CVE-2025-24915 | 2025-03-21 | N/A | 7.8 HIGH | ||
|
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
|
|||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40655 | 1 Google | 1 Android | 2025-03-18 | N/A | 7.8 HIGH |
|
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2023-52379 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-18 | N/A | 7.5 HIGH |
|
Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | N/A | 4.3 MEDIUM |
|
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
|||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
|
|||||
| CVE-2024-48822 | 2025-03-18 | N/A | 8.8 HIGH | ||
|
Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page.
|
|||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2025-03-18 | N/A | 9.8 CRITICAL |
|
An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.
|
|||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2025-03-18 | N/A | 8.8 HIGH |
|
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.
|
|||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.7 HIGH |
|
Some Huawei wearables have a permission management vulnerability.
|
|||||
| CVE-2024-55959 | 2025-03-18 | N/A | 9.1 CRITICAL | ||
|
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.
|
|||||
| CVE-2024-40792 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 3.3 LOW |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
|
|||||
| CVE-2024-10469 | 1 Cert | 1 Vince | 2025-03-17 | N/A | 6.5 MEDIUM |
|
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.
|
|||||
| CVE-2024-51162 | 2025-03-17 | N/A | 8.8 HIGH | ||
|
An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes of any user, ongoing audit data and more.
|
|||||
| CVE-2024-48823 | 2025-03-15 | N/A | 9.8 CRITICAL | ||
|
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.
|
|||||
| CVE-2024-55957 | 2025-03-14 | N/A | 7.8 HIGH | ||
|
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.
|
|||||
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | N/A | 5.5 MEDIUM |
|
Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.
|
|||||