Total: 1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-30977 | | | 2025-03-13 | N/A | 7.8 HIGH | An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. |
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2025-03-13 | N/A | 7.5 HIGH | This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. |
| CVE-2023-52545 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH | Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-44786 | | | 2025-03-13 | N/A | 7.5 HIGH | Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. |
| CVE-2024-30415 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 9.1 CRITICAL | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52717 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 5.3 MEDIUM | Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52362 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH | Permission management vulnerability in the lock screen module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 5.3 MEDIUM | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 7.5 HIGH | An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. |
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 5.3 MEDIUM | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. |
| CVE-2024-1605 | 1 Bmc | 1 Control-m | 2025-03-06 | N/A | 6.6 MEDIUM | BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. |
| CVE-2025-24864 | | | 2025-03-06 | N/A | 7.8 HIGH | Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. |
| CVE-2025-22447 | | | 2025-03-06 | N/A | 7.8 HIGH | Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. |
| CVE-2024-58049 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM | Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58047 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM | Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58044 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-05 | N/A | 8.4 HIGH | Permission verification bypass vulnerability in the notification module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | N/A | 9.8 CRITICAL | Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH | Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-56525 | | | 2025-02-25 | N/A | 9.8 CRITICAL | In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin. |
| CVE-2024-20841 | 1 Samsung | 1 Account | 2025-02-14 | N/A | 5.1 MEDIUM | Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. |
| CVE-2023-42501 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 4.3 MEDIUM | Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. |
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | N/A | 7.8 HIGH | When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. |
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2025-02-13 | N/A | 7.8 HIGH | When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. |
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2025-02-13 | N/A | 8.8 HIGH | CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. |
| CVE-2024-42419 | | | 2025-02-12 | N/A | 6.7 MEDIUM | Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32942 | | | 2025-02-12 | N/A | 6.7 MEDIUM | Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-1155 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | N/A | 7.8 HIGH | Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-1156 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | N/A | 7.8 HIGH | Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. |
| CVE-2023-31360 | | | 2025-02-11 | N/A | 7.3 HIGH | Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2024-20830 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 5.3 MEDIUM | Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings. |
| CVE-2023-27647 | 1 Dualspace | 1 Lock Master | 2025-02-10 | N/A | 7.1 HIGH | An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. |
| CVE-2023-22951 | 1 Tigergraph | 2 Cloud, Tigergraph Enterprise | 2025-02-07 | N/A | 8.8 HIGH | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints. |
| CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2025-02-07 | N/A | 9.8 CRITICAL | Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. |
| CVE-2024-21615 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-06 | N/A | 5.0 MEDIUM | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before ... |
| CVE-2023-48678 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.5 MEDIUM | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
| CVE-2021-41614 | 1 Openrisc | 2 Mor1kx, Mor1kx Firmware | 2025-02-06 | N/A | 7.8 HIGH | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR. |
| CVE-2022-36367 | 1 Intel | 1 Support | 2025-02-05 | N/A | 4.4 MEDIUM | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-11468 | | | 2025-02-05 | N/A | 7.8 HIGH | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. |
| CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM | PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface. |
| CVE-2024-35201 | 2 Intel, Microsoft | 2 Server Debug And Provisioning Tool, Windows | 2025-02-04 | N/A | 6.7 MEDIUM | Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. |