Total
1019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1778 | 1 Skype | 1 Skype | 2024-11-20 | 4.6 MEDIUM | N/A |
| Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | |||||
| CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2024-11-20 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | |||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-11-20 | 2.1 LOW | 5.5 MEDIUM |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2024-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-1999-0426 | 1 Suse | 1 Suse Linux | 2024-11-20 | 10.0 HIGH | 9.8 CRITICAL |
| The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | |||||
| CVE-2023-21270 | 2024-11-20 | N/A | 7.8 HIGH | ||
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9432 | 2024-11-20 | N/A | 7.8 HIGH | ||
| In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-48292 | 2024-11-19 | N/A | 8.8 HIGH | ||
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | |||||
| CVE-2024-48293 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | |||||
| CVE-2024-51051 | 2024-11-19 | N/A | 9.8 CRITICAL | ||
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | |||||
| CVE-2024-51765 | 2024-11-19 | N/A | 5.5 MEDIUM | ||
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | |||||
| CVE-2024-51764 | 2024-11-19 | N/A | 5.5 MEDIUM | ||
| A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | |||||
| CVE-2017-13311 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-13310 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-52867 | 2024-11-19 | N/A | 8.1 HIGH | ||
| guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. | |||||
| CVE-2017-13314 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-13312 | 2024-11-19 | N/A | 7.8 HIGH | ||
| In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52717 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-52926 | 2024-11-18 | N/A | 7.3 HIGH | ||
| Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. | |||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | N/A | 7.5 HIGH |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | |||||