Total
1548 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29964 | 2 Broadcom, Brocade | 2 Brocade Sannav, Sannav | 2025-02-04 | 5.7 Medium |
| Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | ||||
| CVE-2024-41974 | 2025-02-03 | 7.1 High | ||
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | ||||
| CVE-2024-39967 | 2025-02-03 | 6.5 Medium | ||
| Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. | ||||
| CVE-2023-31748 | 1 Wondershare | 1 Mobiletrans | 2025-01-31 | 7.8 High |
| Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | ||||
| CVE-2023-33251 | 2 Lightbend, Linux | 2 Akka Http, Linux Kernel | 2025-01-31 | 4.7 Medium |
| When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | ||||
| CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | 8.8 High |
| A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | ||||
| CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2025-01-30 | 7 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | ||||
| CVE-2024-22334 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | 4.4 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. | ||||
| CVE-2023-25438 | 1 Genomedics | 1 Millegpg | 2025-01-29 | 7.8 High |
| An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. | ||||
| CVE-2023-30399 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2025-01-29 | 8.1 High |
| Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | ||||
| CVE-2023-2478 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 9.6 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | ||||
| CVE-2023-28068 | 1 Dell | 1 Command \| Monitor | 2025-01-29 | 7.3 High |
| Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | ||||
| CVE-2023-29092 | 1 Samsung | 8 Exynos 1080, Exynos 1080 Firmware, Exynos 5123 and 5 more | 2025-01-28 | 3.1 Low |
| An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface. | ||||
| CVE-2024-25956 | 1 Dell | 1 Grab | 2025-01-28 | 5.5 Medium |
| Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | ||||
| CVE-2023-25648 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.5 Medium |
| There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLLÂ to execute command to escalate local privileges. | ||||
| CVE-2022-25992 | 1 Intel | 1 Oneapi-cli | 2025-01-27 | 7.5 High |
| Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22029 | 2025-01-27 | 7.8 High | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | ||||
| CVE-2022-41658 | 1 Intel | 1 Vtune Profiler | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-46656 | 1 Intel | 1 Nuc Pro Software Suite | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-38103 | 1 Intel | 1 Nuc Software Studio Service | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | ||||