Total
1351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4020 | 1 Acer | 10 Aspire A115-21, Aspire A115-21 Firmware, Aspire A315-22 and 7 more | 2025-04-14 | 8.1 High |
| Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | ||||
| CVE-2019-9579 | 3 Illumos, Nexenta, Oracle | 3 Illumos, Nexentastor, Solaris | 2025-04-14 | 8.1 High |
| An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). | ||||
| CVE-2016-5425 | 3 Apache, Oracle, Redhat | 10 Tomcat, Instantis Enterprisetrack, Linux and 7 more | 2025-04-12 | 7.8 High |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | ||||
| CVE-2015-7985 | 1 Valvesoftware | 1 Steam Client | 2025-04-12 | N/A |
| Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | ||||
| CVE-2015-7378 | 1 Watchguard | 1 Panda Url Filtering | 2025-04-12 | 7.8 High |
| Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | ||||
| CVE-2016-3943 | 1 Watchguard | 1 Panda Endpoint Administration Agent | 2025-04-12 | 7.8 High |
| Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | ||||
| CVE-2024-57548 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | 9.1 Critical |
| CMSimple 5.16 allows the user to edit log.php file via print page. | ||||
| CVE-2025-23386 | 2025-04-11 | 7.8 High | ||
| A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. | ||||
| CVE-2011-1435 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. | ||||
| CVE-2011-2782 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | N/A |
| The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2011-2859 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | ||||
| CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2025-04-11 | N/A |
| plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||||
| CVE-2011-4361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-11 | N/A |
| MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | ||||
| CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 9.8 Critical |
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | ||||
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 6 Dracut, Fedora, Enterprise Linux and 3 more | 2025-04-11 | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | ||||
| CVE-2013-4394 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2025-04-11 | N/A |
| The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | ||||
| CVE-2023-28724 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2025-04-10 | 7.1 High |
| NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-1605 | 2025-04-10 | 6.6 Medium | ||
| BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | ||||
| CVE-2022-46761 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons. | ||||
| CVE-2024-0259 | 2 Fortra, Microsoft | 2 Robot Schedule, Windows | 2025-04-09 | 7.3 High |
| Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges. | ||||