Total
321 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21544 | 1 Oracle | 1 Communications Order And Service Management | 2025-01-22 | 5.4 Medium |
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-24337 | 2025-01-21 | 8.4 High | ||
| WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. | ||||
| CVE-2024-2819 | 1 Hitachi | 1 Ops Center Common Services | 2025-01-21 | 5.1 Medium |
| Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | ||||
| CVE-2023-31923 | 1 Supremainc | 1 Biostar 2 | 2025-01-21 | 8.8 High |
| Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | ||||
| CVE-2025-22620 | 2025-01-21 | 5 Medium | ||
| gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0. | ||||
| CVE-2024-46310 | 2025-01-16 | 9.1 Critical | ||
| Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint | ||||
| CVE-2023-28161 | 1 Mozilla | 1 Firefox | 2025-01-09 | 8.8 High |
| If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | ||||
| CVE-2024-53934 | 2025-01-08 | 7.7 High | ||
| The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. | ||||
| CVE-2024-46622 | 2025-01-07 | 9.8 Critical | ||
| An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion. | ||||
| CVE-2023-42867 | 1 Apple | 1 Garageband | 2025-01-06 | 7.8 High |
| This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. | ||||
| CVE-2024-44211 | 1 Apple | 1 Macos | 2025-01-06 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | ||||
| CVE-2024-44223 | 1 Apple | 1 Macos | 2025-01-06 | 4.6 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window. | ||||
| CVE-2024-56317 | 2025-01-02 | 7.5 High | ||
| In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | ||||
| CVE-2024-22177 | 1 Openatom | 1 Openharmony | 2025-01-02 | 3.3 Low |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. | ||||
| CVE-2024-37649 | 2024-12-31 | 4.6 Medium | ||
| Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials. | ||||
| CVE-2024-54515 | 1 Apple | 1 Macos | 2024-12-21 | 7.8 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-54465 | 1 Apple | 1 Macos | 2024-12-21 | 9.8 Critical |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. | ||||
| CVE-2024-21816 | 1 Openatom | 1 Openharmony | 2024-12-16 | 4 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. | ||||
| CVE-2024-41644 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | ||||
| CVE-2024-41645 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | ||||