Total
1351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45099 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.8 High |
| Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | ||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | 8.8 High |
| Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | ||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2025-03-25 | 7.8 High |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | ||||
| CVE-2025-24135 | 1 Apple | 1 Macos | 2025-03-25 | 7.8 High |
| This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges. | ||||
| CVE-2024-54564 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-25 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. | ||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2025-03-24 | 7.8 High |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | ||||
| CVE-2025-24176 | 1 Apple | 1 Macos | 2025-03-24 | 7.1 High |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. | ||||
| CVE-2025-24093 | 1 Apple | 1 Macos | 2025-03-24 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent. | ||||
| CVE-2024-51440 | 2025-03-22 | 7.8 High | ||
| An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. | ||||
| CVE-2025-24915 | 2025-03-22 | 7.8 High | ||
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | ||||
| CVE-2023-1809 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | ||||
| CVE-2025-27612 | 2025-03-21 | 5.9 Medium | ||
| libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder. | ||||
| CVE-2022-45454 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2025-03-21 | 7.5 High |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
| CVE-2023-29162 | 1 Intel | 2 Cplusplus Compiler Classic, Oneapi Toolkits | 2025-03-20 | 6 Medium |
| Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2025-03-19 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | ||||
| CVE-2024-2859 | 1 Broadcom | 1 Brocade Sannav | 2025-03-19 | 6.8 Medium |
| By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
| CVE-2023-42928 | 1 Apple | 3 Ios, Ipad Os, Iphone Os | 2025-03-19 | 8.4 High |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges. | ||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | 7.8 High |
| In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40655 | 1 Google | 1 Android | 2025-03-18 | 7.8 High |
| In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-52379 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-18 | 7.5 High |
| Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||