Total
1503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31874 | 1 Yank-note | 1 Yank Note | 2025-01-14 | N/A | 8.8 HIGH |
| Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). | |||||
| CVE-2024-54910 | 2025-01-14 | N/A | 4.7 MEDIUM | ||
| Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | |||||
| CVE-2023-28346 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | N/A | 7.3 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | |||||
| CVE-2024-11497 | 2025-01-14 | N/A | 8.8 HIGH | ||
| An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | |||||
| CVE-2023-28399 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | N/A | 7.8 HIGH |
| Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. | |||||
| CVE-2024-47475 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 5.0 MEDIUM |
| Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-55411 | 2025-01-08 | N/A | 8.8 HIGH | ||
| An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | |||||
| CVE-2024-49385 | 2025-01-02 | N/A | 5.5 MEDIUM | ||
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. | |||||
| CVE-2023-35147 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-12-31 | N/A | 6.5 MEDIUM |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. | |||||
| CVE-2020-3503 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-12-19 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | |||||
| CVE-2023-21142 | 1 Google | 1 Android | 2024-12-18 | N/A | 5.5 MEDIUM |
| In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665 | |||||
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | N/A | 8.8 HIGH |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | |||||
| CVE-2023-34852 | 1 Publiccms | 1 Publiccms | 2024-12-18 | N/A | 9.8 CRITICAL |
| PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. | |||||
| CVE-2024-45841 | 2024-12-18 | N/A | 6.5 MEDIUM | ||
| Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. | |||||
| CVE-2024-41647 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | |||||
| CVE-2024-37574 | 2024-12-12 | N/A | 8.2 HIGH | ||
| The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. | |||||
| CVE-2024-21915 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-12-11 | N/A | 9.0 CRITICAL |
| A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. | |||||
| CVE-2024-12363 | 2024-12-11 | N/A | 7.1 HIGH | ||
| Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management. | |||||
| CVE-2024-6871 | 1 Gdata-software | 1 Total Security | 2024-12-10 | N/A | 7.8 HIGH |
| G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629. | |||||
| CVE-2024-8256 | 2024-12-10 | N/A | N/A | ||
| In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API. | |||||