Total
1311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52362 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-27926 | 2025-03-10 | N/A | 4.3 MEDIUM | ||
| In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2025-24864 | 2025-03-06 | N/A | 7.8 HIGH | ||
| Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | |||||
| CVE-2025-22447 | 2025-03-06 | N/A | 7.8 HIGH | ||
| Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | |||||
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | N/A | 9.8 CRITICAL |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-56525 | 2025-02-25 | N/A | 9.8 CRITICAL | ||
| In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin. | |||||
| CVE-2024-55930 | 2025-02-24 | N/A | 6.7 MEDIUM | ||
| Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files | |||||
| CVE-2025-21106 | 2025-02-20 | N/A | 5.5 MEDIUM | ||
| Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system. | |||||
| CVE-2024-20841 | 1 Samsung | 1 Account | 2025-02-14 | N/A | 5.1 MEDIUM |
| Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. | |||||
| CVE-2023-42501 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 4.3 MEDIUM |
| Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | |||||
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | |||||
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | |||||
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2025-02-13 | N/A | 8.8 HIGH |
| An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | |||||
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2025-02-13 | N/A | 8.8 HIGH |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. | |||||
| CVE-2024-42419 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-32942 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-1155 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | N/A | 7.8 HIGH |
| Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-1156 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | N/A | 7.8 HIGH |
| Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | |||||