Total
1291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20095 | 2025-05-13 | N/A | 6.7 MEDIUM | ||
| Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-47550 | 2025-05-13 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28954 | 2025-05-13 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21960 | 2025-05-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-36339 | 2025-05-13 | N/A | 7.3 HIGH | ||
| A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2023-31359 | 2025-05-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2025-4660 | 2025-05-13 | N/A | N/A | ||
| A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | |||||
| CVE-2023-31358 | 2025-05-13 | N/A | 7.3 HIGH | ||
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2021-33333 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | |||||
| CVE-2021-33327 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | |||||
| CVE-2021-33334 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | |||||
| CVE-2021-33324 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | |||||
| CVE-2022-36439 | 1 Asus | 3 Asusliveupdate, Asussoftwaremanger, System Control Interface | 2025-05-13 | N/A | 6.0 MEDIUM |
| AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. | |||||
| CVE-2022-36438 | 1 Asus | 2 Asusswitch, System Control Interface | 2025-05-13 | N/A | 7.8 HIGH |
| AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. | |||||
| CVE-2024-26280 | 1 Apache | 1 Airflow | 2025-05-13 | N/A | 4.7 MEDIUM |
| Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability | |||||
| CVE-2025-3528 | 2025-05-12 | N/A | 8.2 HIGH | ||
| A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. | |||||
| CVE-2022-3368 | 1 Avira | 1 Avira Security | 2025-05-10 | N/A | 7.3 HIGH |
| A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. | |||||
| CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 5.1 MEDIUM |
| Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-46587 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2013-4281 | 1 Redhat | 1 Openshift | 2025-05-09 | N/A | 5.5 MEDIUM |
| In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. | |||||