Total: 1351 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43629 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | 7.8 High |
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-24460 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | 8.2 High |
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-46505 | | | 2025-01-23 | 9.1 Critical |
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||||
CVE-2023-32999 | 1 Jenkins | 1 Appspider | 2025-01-23 | 4.3 Medium |
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | ||||
CVE-2023-30281 | 1 Storecommander | 1 Scquickaccounting | 2025-01-23 | 7.5 High |
An insecure permissions vulnerability was discovered in scquickaccounting before v3.7.3 from Store Commander for PrestaShop. Due to a lack of permission control, a guest can access exports from the module, which can lead to a leak of personal information from the ps_customer table, such as name / surname / email. | ||||
CVE-2022-45459 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2025-01-22 | 7.5 High |
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
CVE-2022-45452 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2025-01-22 | 7.8 High |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
CVE-2023-33240 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-01-21 | 7.8 High |
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | ||||
CVE-2024-2819 | 1 Hitachi | 1 Ops Center Common Services | 2025-01-21 | 5.1 Medium |
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation. This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | ||||
CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | 7.5 High |
The Settings module has a file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2024-22889 | 1 Plone | 1 Plone | 2025-01-21 | 5.5 Medium |
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. | ||||
CVE-2023-29838 | 1 Allwaysync | 1 Allwaysync | 2025-01-21 | 7.8 High |
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file. | ||||
CVE-2023-29919 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-01-17 | 9.8 Critical |
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | ||||
CVE-2019-17365 | 1 Nixos | 1 Nix | 2025-01-15 | 7.8 High |
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | ||||
CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2025-01-14 | 6.1 Medium |
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | ||||
CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2023-33291 | 1 Ebankit | 1 Ebankit | 2025-01-14 | 7.4 High |
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.) | ||||
CVE-2023-29733 | 1 Dualspace | 1 Lock Master | 2025-01-14 | 7.8 High |
The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack. | ||||
CVE-2024-56447 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 7.8 High |
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.2 Medium |
Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |