Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29962 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 5.5 MEDIUM |
| Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. | |||||
| CVE-2024-29967 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 4.4 MEDIUM |
| In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. | |||||
| CVE-2024-40514 | 2025-02-03 | N/A | 4.6 MEDIUM | ||
| Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | |||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2025-02-03 | N/A | 7.8 HIGH |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | |||||
| CVE-2025-24140 | 1 Apple | 1 Macos | 2025-02-03 | N/A | 5.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied. | |||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 8.7 HIGH |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | |||||
| CVE-2024-52783 | 2025-02-03 | N/A | 5.1 MEDIUM | ||
| Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. | |||||
| CVE-2024-27134 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | N/A | 7.0 HIGH |
| Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. | |||||
| CVE-2025-24891 | 2025-01-31 | N/A | 9.6 CRITICAL | ||
| Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN. | |||||
| CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2025-01-31 | N/A | 7.8 HIGH |
| On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | |||||
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 19 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 16 more | 2025-01-30 | N/A | 8.0 HIGH |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | |||||
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2025-01-30 | N/A | 6.5 MEDIUM |
| An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | |||||
| CVE-2022-4568 | 1 Lenovo | 1 System Update | 2025-01-30 | N/A | 7.0 HIGH |
| A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | |||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2025-01-30 | N/A | 8.8 HIGH |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | |||||
| CVE-2025-24795 | 2025-01-29 | N/A | 4.4 MEDIUM | ||
| The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1. | |||||
| CVE-2025-24788 | 2025-01-29 | N/A | 5.0 MEDIUM | ||
| snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0. | |||||
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2025-01-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | |||||
| CVE-2025-24790 | 2025-01-29 | N/A | 4.4 MEDIUM | ||
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0. | |||||
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2025-01-29 | N/A | 9.9 CRITICAL |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | |||||
| CVE-2023-28192 | 1 Apple | 1 Macos | 2025-01-29 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. | |||||