Total
1337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27612 | 2025-03-21 | N/A | 5.9 MEDIUM | ||
| libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder. | |||||
| CVE-2025-24915 | 2025-03-21 | N/A | 7.8 HIGH | ||
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | |||||
| CVE-2023-29162 | 2025-03-20 | N/A | 6.0 MEDIUM | ||
| Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | |||||
| CVE-2024-2859 | 2025-03-19 | N/A | 6.8 MEDIUM | ||
| By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | |||||
| CVE-2023-42928 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-03-19 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges. | |||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
| In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40655 | 1 Google | 1 Android | 2025-03-18 | N/A | 7.8 HIGH |
| In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-52379 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-18 | N/A | 7.5 HIGH |
| Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | N/A | 4.3 MEDIUM |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | N/A | 4.3 MEDIUM |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2024-48822 | 2025-03-18 | N/A | 8.8 HIGH | ||
| Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | |||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2025-03-18 | N/A | 9.8 CRITICAL |
| An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | |||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2025-03-18 | N/A | 8.8 HIGH |
| Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | |||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.7 HIGH |
| Some Huawei wearables have a permission management vulnerability. | |||||
| CVE-2024-55959 | 2025-03-18 | N/A | 9.1 CRITICAL | ||
| Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | |||||
| CVE-2024-44151 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-40792 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings. | |||||
| CVE-2024-10469 | 1 Cert | 1 Vince | 2025-03-17 | N/A | 6.5 MEDIUM |
| VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | |||||
| CVE-2024-51162 | 2025-03-17 | N/A | 8.8 HIGH | ||
| An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes of any user, ongoing audit data and more. | |||||