Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29919 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-01-17 | N/A | 9.1 CRITICAL |
| SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | |||||
| CVE-2024-57684 | 2025-01-16 | N/A | 9.8 CRITICAL | ||
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||||
| CVE-2019-17365 | 1 Nixos | 1 Nix | 2025-01-15 | 4.6 MEDIUM | 7.8 HIGH |
| Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | |||||
| CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2025-01-14 | 3.6 LOW | 6.1 MEDIUM |
| A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | |||||
| CVE-2023-33291 | 1 Ebankit | 1 Ebankit | 2025-01-14 | N/A | 7.4 HIGH |
| In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.) | |||||
| CVE-2023-29733 | 1 Dualspace | 1 Lock Master | 2025-01-14 | N/A | 7.8 HIGH |
| The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack. | |||||
| CVE-2024-56447 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 7.8 HIGH |
| Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-29731 | 1 Loka | 1 Solive | 2025-01-13 | N/A | 7.5 HIGH |
| SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | |||||
| CVE-2023-52954 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 4.4 MEDIUM |
| Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-32861 | 2025-01-13 | N/A | 7.8 HIGH | ||
| Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions. | |||||
| CVE-2024-55225 | 2025-01-10 | N/A | 9.8 CRITICAL | ||
| An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. | |||||
| CVE-2024-46464 | 2025-01-10 | N/A | 7.8 HIGH | ||
| In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | |||||
| CVE-2022-45853 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2025-01-10 | N/A | 6.7 MEDIUM |
| The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH. | |||||
| CVE-2023-29732 | 1 Loka | 1 Solive | 2025-01-09 | N/A | 9.8 CRITICAL |
| SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. | |||||
| CVE-2024-43176 | 2025-01-09 | N/A | 5.4 MEDIUM | ||
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | |||||
| CVE-2024-13206 | 2025-01-09 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13188 | 2025-01-08 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-43902 | 1 Emsigner | 1 Emsigner | 2025-01-08 | N/A | 9.8 CRITICAL |
| Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | |||||