Search Results (1868 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10912 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
CVE-2016-4288 1 Bluestacks 1 Bluestacks 2025-04-20 N/A
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
CVE-2016-2779 1 Kernel 1 Util-linux 2025-04-20 N/A
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVE-2016-2568 2 Freedesktop, Redhat 2 Polkit, Enterprise Linux 2025-04-20 7.8 High
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVE-2016-0394 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
CVE-2015-7781 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 N/A
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2017-14427 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2022-48685 1 Logpoint 2 Logpoint, Siem 2025-04-18 7.7 High
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation.
CVE-2024-34221 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 8.8 High
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2024-34223 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 4.3 Medium
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVE-2022-45793 1 Omron 1 Automation Software Sysmac Studio 2025-04-17 5.5 Medium
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
CVE-2022-47551 1 Apiman 1 Apiman 2025-04-17 6.5 Medium
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.
CVE-2020-14521 1 Mitsubishielectric 60 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 57 more 2025-04-16 8.3 High
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
CVE-2022-26839 1 Deltaww 1 Diaenergie 2025-04-16 7.8 High
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
CVE-2020-14496 1 Mitsubishielectric 29 Cpu Module Logging Configuration Tool, Cw Configurator, Data Transfer and 26 more 2025-04-16 8.3 High
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
CVE-2022-3263 1 Measuresoft 1 Scadapro Server 2025-04-16 7.8 High
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
CVE-2024-22085 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 6.2 Medium
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.
CVE-2022-23922 1 Win-911 2 Win-911 2021 R1, Win-911 2021 R2 2025-04-16 5.6 Medium
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
CVE-2022-23104 1 Win-911 2 Win-911 2021 R1, Win-911 2021 R2 2025-04-16 5.6 Medium
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.
CVE-2021-43986 1 Fanuc 1 Roboguide 2025-04-16 6 Medium
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.