Total
1351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2025-01-30 | 8.8 High |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | ||||
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2025-01-29 | 9.8 Critical |
| An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | ||||
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2025-01-29 | 9.9 Critical |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | ||||
| CVE-2023-28192 | 1 Apple | 1 Macos | 2025-01-29 | 5.5 Medium |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. | ||||
| CVE-2024-25958 | 1 Dell | 2 Grab, Grab For Windows | 2025-01-28 | 6.7 Medium |
| Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. | ||||
| CVE-2024-22062 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.3 Medium |
| There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration. | ||||
| CVE-2022-33196 | 2 Intel, Redhat | 274 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 271 more | 2025-01-27 | 7.2 High |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36397 | 1 Intel | 1 Quickassist Technology | 2025-01-27 | 7.3 High |
| Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41687 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2025-01-27 | 6.7 Medium |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-30338 | 1 Intel | 1 Virtual Raid On Cpu | 2025-01-27 | 6.7 Medium |
| Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-40971 | 1 Intel | 1 Nuc Hdmi Firmware Update Tool | 2025-01-27 | 6.7 Medium |
| Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36391 | 1 Intel | 1 Nuc Pro Software Suite | 2025-01-27 | 6.7 Medium |
| Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-21107 | 1 Google | 1 Android | 2025-01-24 | 7.8 High |
| In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017 | ||||
| CVE-2023-21104 | 1 Google | 1 Android | 2025-01-24 | 5.5 Medium |
| In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 | ||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2025-01-24 | 6.7 Medium |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33963 | 1 Intel | 1 Unite | 2025-01-24 | 6.7 Medium |
| Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32996 | 1 Jenkins | 1 Saml Single Sign-on | 2025-01-23 | 4.3 Medium |
| A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | ||||
| CVE-2024-11598 | 1 Ivanti | 1 Application Control | 2025-01-23 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-11597 | 1 Ivanti | 1 Performance Manager | 2025-01-23 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | ||||