Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49582 | 1 Apache | 1 Portable Runtime | 2025-03-13 | N/A | 5.5 MEDIUM |
| Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. | |||||
| CVE-2024-24117 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. | |||||
| CVE-2023-24205 | 1 Clash Project | 1 Clash | 2025-03-12 | N/A | 9.8 CRITICAL |
| Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | |||||
| CVE-2025-22454 | 2025-03-11 | N/A | 7.8 HIGH | ||
| Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-1067 | 1 Esri | 2 Arcgis Allsource, Arcgis Pro | 2025-03-04 | N/A | 7.3 HIGH |
| There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the file could execute and run malicious commands under the context of the victim. This issue is addressed in ArcGIS Pro 3.3.3 and 3.4.1. | |||||
| CVE-2023-49257 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-03-03 | N/A | 8.8 HIGH |
| An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | |||||
| CVE-2025-27141 | 1 Metabase | 1 Metabase | 2025-02-28 | N/A | 6.5 MEDIUM |
| Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see results of cached questions, even if their permissions don’t allow them to see the data. If some user runs a question which gets cached, and then an impersonated user runs that question, then the impersonated user sees the same results as the previous user. These cached results may include data the impersonated user should not have access to. This vulnerability only impacts the Enterprise Edition of Metabase and not the Open Source Edition. Versions 1.53.2, 1.52.11, 1.51.14, and 1.50.36 contains a patch. Versions on the 1.49.X, 1.48.X, and 1.47.X branches are vulnerable but do not have a patch available, so users should upgrade to a major version with an available fix. Disabling question caching is a workaround for this issue. | |||||
| CVE-2023-27095 | 1 Opengoofy | 1 Hippo4j | 2025-02-26 | N/A | 6.5 MEDIUM |
| Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | |||||
| CVE-2024-25561 | 1 Intel | 19 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 16 more | 2025-02-25 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24527 | 2025-02-24 | N/A | 8.0 HIGH | ||
| An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. | |||||
| CVE-2024-13813 | 1 Ivanti | 1 Secure Access Client | 2025-02-20 | N/A | 7.1 HIGH |
| Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | |||||
| CVE-2025-0064 | 2025-02-18 | N/A | 8.7 HIGH | ||
| Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability. | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2025-02-18 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-38037 | 2025-02-15 | N/A | 5.5 MEDIUM | ||
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
| CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2025-02-14 | 4.6 MEDIUM | 8.2 HIGH |
| Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | |||||
| CVE-2023-0944 | 1 Imaworldhealth | 1 Bhima | 2025-02-13 | N/A | 4.3 MEDIUM |
| Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. | |||||
| CVE-2023-50292 | 1 Apache | 1 Solr | 2025-02-13 | N/A | 7.5 HIGH |
| Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | |||||
| CVE-2022-22960 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-02-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2023-24626 | 1 Gnu | 1 Screen | 2025-02-12 | N/A | 6.5 MEDIUM |
| socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | |||||
| CVE-2022-43309 | 1 Supermicro | 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more | 2025-02-11 | N/A | 5.5 MEDIUM |
| Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | |||||