Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36377 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-41170 | 1 Neoan | 1 Neoan3-template | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. Version 1.1.1 has addressed this vulnerability. Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade. | |||||
| CVE-2021-32725 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | |||||
| CVE-2021-24032 | 1 Facebook | 1 Zstandard | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | |||||
| CVE-2021-24031 | 1 Facebook | 1 Zstandard | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. | |||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | |||||
| CVE-2019-5068 | 4 Canonical, Debian, Mesa3d and 1 more | 4 Ubuntu Linux, Debian Linux, Mesa and 1 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | |||||
| CVE-2024-45599 | 2024-09-26 | N/A | 3.8 LOW | ||
| Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine. | |||||
| CVE-2024-23908 | 1 Intel | 1 Flexlm License Daemons For Intel Fpga | 2024-09-12 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-42681 | 1 Xuxueli | 1 Xxl-job | 2024-08-19 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. | |||||