Total
216 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2024-11-21 | 3.3 LOW | N/A |
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
CVE-2005-1920 | 2 Debian, Kde | 2 Debian Linux, Kde | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | |||||
CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | |||||
CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | |||||
CVE-2001-0195 | 1 Debian | 1 Debian Linux | 2024-11-20 | 2.1 LOW | 7.8 HIGH |
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. | |||||
CVE-2024-52522 | | | 2024-11-18 | N/A | 5.5 MEDIUM |
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | |||||
CVE-2024-29080 | | | 2024-11-13 | N/A | 6.5 MEDIUM |
Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | |||||
CVE-2024-28152 | | | 2024-11-07 | N/A | 6.3 MEDIUM |
In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server. | |||||
CVE-2024-33921 | | | 2024-11-07 | N/A | 4.3 MEDIUM |
Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21. | |||||
CVE-2024-23560 | | | 2024-11-06 | N/A | 4.4 MEDIUM |
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | |||||
CVE-2023-49932 | | | 2024-11-05 | N/A | 5.4 MEDIUM |
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions. | |||||
CVE-2024-3545 | | | 2024-11-04 | N/A | 4.3 MEDIUM |
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. | |||||
CVE-2024-10458 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-10-31 | N/A | 7.5 HIGH |
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | |||||
CVE-2023-34034 | 1 Vmware | 1 Spring Security | 2024-10-28 | N/A | 9.8 CRITICAL |
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | |||||
CVE-2023-47463 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-10-16 | N/A | 9.8 CRITICAL |
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. | |||||
CVE-2024-9333 | | | 2024-10-04 | N/A | N/A |
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows an authenticated user to access a limited amount of documents via incorrect access control list calculation. | |||||
CVE-2023-41939 | 1 Jenkins | 1 Ssh2 Easy | 2024-09-26 | N/A | 8.8 HIGH |
Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to. | |||||
CVE-2024-44188 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | |||||
CVE-2024-40859 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
CVE-2024-44149 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 7.5 HIGH |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. |