Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0543 | 2025-02-05 | 7.8 High | ||
| Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. | ||||
| CVE-2025-24107 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-02-05 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-11468 | 2025-02-05 | 7.8 High | ||
| Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. | ||||
| CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 5.3 Medium |
| PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | ||||
| CVE-2022-36377 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-05 | 6.7 Medium |
| Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-35201 | 2 Intel, Microsoft | 3 Sdp Software, Server Debug And Provisioning Tool, Windows | 2025-02-04 | 6.7 Medium |
| Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. | ||||
| CVE-2023-23976 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | 7.5 High |
| Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | ||||
| CVE-2024-29962 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.5 Medium |
| Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. | ||||
| CVE-2024-29967 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
| In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. | ||||
| CVE-2024-40514 | 2025-02-03 | 4.6 Medium | ||
| Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | ||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2025-02-03 | 7.8 High |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | ||||
| CVE-2025-24140 | 1 Apple | 1 Macos | 2025-02-03 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied. | ||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | 8.7 High |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | ||||
| CVE-2024-52783 | 2025-02-03 | 5.1 Medium | ||
| Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. | ||||
| CVE-2024-27134 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 7 High |
| Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. | ||||
| CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.8 High |
| On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | ||||
| CVE-2025-24788 | 2025-01-31 | 5 Medium | ||
| snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0. | ||||
| CVE-2025-24795 | 2025-01-31 | 4.4 Medium | ||
| The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1. | ||||
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 23 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more | 2025-01-30 | 8 High |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | ||||
| CVE-2023-29058 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 6.4 Medium |
| A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | ||||