Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21116 | 2 Linux, Oracle | 2 Linux Kernel, Vm Virtualbox | 2025-03-19 | 7.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | 7.8 High |
| In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-40655 | 1 Google | 1 Android | 2025-03-18 | 7.8 High |
| In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-52379 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-18 | 7.5 High |
| Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-21532 | 1 Oracle | 1 Analytics Desktop | 2025-03-18 | 7.8 High |
| Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-39924 | 1 Vaultwarden | 1 Vaultwarden | 2025-03-18 | 8.8 High |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period. | ||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | 4.3 Medium |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | 4.3 Medium |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-45153 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise Module For Sap Applications, Linux Enterprise Server | 2025-03-18 | 7 High |
| An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. | ||||
| CVE-2024-49744 | 2025-03-18 | 7.8 High | ||
| In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-48822 | 1 Automatic Systems | 1 Maintenance Slimlane | 2025-03-18 | 8.8 High |
| Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | ||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2025-03-18 | 9.8 Critical |
| An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | ||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2025-03-18 | 8.8 High |
| Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | ||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | 7.7 High |
| Some Huawei wearables have a permission management vulnerability. | ||||
| CVE-2025-24399 | 2025-03-18 | 8.8 High | ||
| Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins. | ||||
| CVE-2024-55959 | 2025-03-18 | 9.1 Critical | ||
| Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | ||||
| CVE-2024-49737 | 2025-03-18 | 7.8 High | ||
| In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-44151 | 1 Apple | 1 Macos | 2025-03-18 | 6.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-43765 | 2025-03-18 | 7.8 High | ||
| In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-40792 | 1 Apple | 1 Macos | 2025-03-18 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings. | ||||