Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36104 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2025-08-18 | 6.5 Medium |
| IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol. | ||||
| CVE-2025-9039 | 1 Amazon | 1 Ecs | 2025-08-16 | 4.3 Medium |
| We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. If customers cannot update to the latest AMI, they can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678). | ||||
| CVE-2025-3473 | 1 Ibm | 2 Guardium Data Protection, Security Guardium | 2025-08-13 | 6.7 Medium |
| IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. | ||||
| CVE-2025-32797 | 1 Anaconda | 1 Conda-build | 2025-08-11 | 7.0 High |
| Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window. | ||||
| CVE-2025-29982 | 1 Dell | 1 Wyse Management Suite | 2025-07-13 | 6.8 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2024-36540 | 1 External-secrets | 2 External-secrets, External Secrets Operator | 2025-06-27 | 9.8 Critical |
| Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-36539 | 1 Projectcontour | 1 Contour | 2025-06-27 | 9.8 Critical |
| Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2025-06-17 | 6.7 Medium |
| Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2018-25111 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2025-06-16 | 5.1 Medium |
| django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. | ||||
| CVE-2024-22365 | 2 Linux-pam, Redhat | 2 Linux-pam, Enterprise Linux | 2025-06-05 | 5.5 Medium |
| linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | ||||
| CVE-2025-20629 | 2025-05-16 | 6.7 Medium | ||
| Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22448 | 2025-05-16 | 6.1 Medium | ||
| Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20008 | 2025-05-16 | 7.7 High | ||
| Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-31332 | 2025-04-08 | 6.6 Medium | ||
| Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data. | ||||
| CVE-2024-6605 | 1 Mozilla | 1 Firefox | 2025-04-04 | 8.8 High |
| Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128. | ||||
| CVE-2024-23233 | 1 Apple | 1 Macos | 2025-03-29 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | ||||
| CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2025-03-25 | 6.7 Medium |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | ||||
| CVE-2023-28207 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data. | ||||
| CVE-2024-34329 | 1 Entrust | 1 Datacard Xps Card Printer Driver | 2025-03-14 | 8.4 High |
| Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. | ||||
| CVE-2024-36542 | 1 Kumahq | 1 Kuma | 2025-03-13 | 8.8 High |
| Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||