Total
321 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27888 | 1 Apple | 1 Macos | 2025-02-13 | 5.5 Medium |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2025-02-13 | 7.1 High |
| System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | ||||
| CVE-2023-32400 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-13 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | ||||
| CVE-2021-33990 | 1 Liferay | 1 Liferay Portal | 2025-02-13 | 9.8 Critical |
| Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file. | ||||
| CVE-2023-28642 | 2 Linuxfoundation, Redhat | 6 Runc, Enterprise Linux, Openshift and 3 more | 2025-02-12 | 6.1 Medium |
| runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | ||||
| CVE-2023-25809 | 2 Linuxfoundation, Redhat | 3 Runc, Enterprise Linux, Openshift | 2025-02-12 | 5 Medium |
| runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`. | ||||
| CVE-2023-28647 | 1 Nextcloud | 1 Nextcloud | 2025-02-11 | 4.4 Medium |
| Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-28646 | 1 Nextcloud | 1 Nextcloud | 2025-02-11 | 4.4 Medium |
| Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-0975 | 2 Microsoft, Trellix | 2 Windows, Agent | 2025-02-11 | 8.2 High |
| A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. | ||||
| CVE-2024-36062 | 2025-02-10 | 4 Medium | ||
| The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component. | ||||
| CVE-2024-53355 | 2025-02-07 | 8.8 High | ||
| Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | ||||
| CVE-2025-24087 | 1 Apple | 1 Macos | 2025-02-05 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. | ||||
| CVE-2024-53994 | 2025-02-04 | 4.3 Medium | ||
| Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings. | ||||
| CVE-2020-36070 | 1 Thecontrolgroup | 1 Voyager | 2025-02-03 | 9.8 Critical |
| Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | ||||
| CVE-2024-54557 | 1 Apple | 1 Macos | 2025-01-31 | 7.5 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system. | ||||
| CVE-2024-54516 | 1 Apple | 1 Macos | 2025-01-31 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent. | ||||
| CVE-2024-52869 | 2025-01-31 | 6 Medium | ||
| Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise. | ||||
| CVE-2022-26024 | 1 Intel | 22 Nuc7i3dnbe, Nuc7i3dnbe Firmware, Nuc7i3dnhe and 19 more | 2025-01-29 | 6.7 Medium |
| Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-24791 | 2025-01-29 | 4.4 Medium | ||
| snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2. | ||||
| CVE-2024-57439 | 2025-01-29 | 4.9 Medium | ||
| An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. | ||||