Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33166 | 1 Intel | 1 Retail Experience Tool | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33129 | 1 Intel | 1 Advisor | 2025-05-05 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0093 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2025-05-05 | 2.1 LOW | 4.4 MEDIUM |
| Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2022-43574 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-05-02 | N/A | 7.5 HIGH |
| "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | |||||
| CVE-2024-57684 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2025-05-02 | N/A | 8.8 HIGH |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | |||||
| CVE-2022-34824 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-01 | N/A | 9.8 CRITICAL |
| Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-20465 | 1 Google | 1 Android | 2025-05-01 | N/A | 4.6 MEDIUM |
| In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 | |||||
| CVE-2022-20452 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 | |||||
| CVE-2022-20448 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
| In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 | |||||
| CVE-2022-20441 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 | |||||
| CVE-2024-43430 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. External API access to Quiz can override contained insufficient access control. | |||||
| CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 4.3 MEDIUM |
| There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | |||||
| CVE-2024-30204 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | 2.8 LOW |
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | |||||
| CVE-2022-44561 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. | |||||
| CVE-2022-44557 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-44554 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. | |||||
| CVE-2022-42130 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. | |||||
| CVE-2022-42128 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 5.3 MEDIUM |
| The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. | |||||
| CVE-2022-42127 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 5.3 MEDIUM |
| The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. | |||||