Total
1208 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4565 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 5.3 MEDIUM |
Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. | |||||
CVE-2024-30369 | 1 A10networks | 1 Advanced Core Operating System | 2024-09-24 | N/A | 7.8 HIGH |
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754. | |||||
CVE-2022-43915 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-09-21 | N/A | 8.1 HIGH |
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. | |||||
CVE-2023-47712 | | | 2024-09-20 | N/A | 7.8 HIGH |
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | |||||
CVE-2024-29964 | | | 2024-09-18 | N/A | 5.7 MEDIUM |
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | |||||
CVE-2024-45041 | 1 External-secrets | 1 External Secrets Operator | 2024-09-18 | N/A | 8.8 HIGH |
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. external-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has the "get/list" verbs on secrets resources. It also has the patch/update verbs on validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2. | |||||
CVE-2024-8039 | | | 2024-09-17 | N/A | 9.8 CRITICAL |
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | |||||
CVE-2021-20326 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4. | |||||
CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-09-16 | 4.0 MEDIUM | 4.3 MEDIUM |
It has been reported that any Orion user, e.g. guest accounts, can query the Orion.UserSettings entity and enumerate users and their basic settings. | |||||
CVE-2022-22521 | 1 Miele | 1 Benchmark Programming Tool | 2024-09-16 | 6.9 MEDIUM | 7.3 HIGH |
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges into executing these binaries as admin. | |||||
CVE-2024-25561 | 1 Intel | 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more | 2024-09-12 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-23908 | 1 Intel | 1 Flexlm License Daemons For Intel Fpga | 2024-09-12 | N/A | 7.8 HIGH |
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-21902 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.1 HIGH |
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later; QuTS hero h5.1.7.2770 build 20240520 and later. | |||||
CVE-2024-41171 | | | 2024-09-10 | N/A | 8.8 HIGH |
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. | |||||
CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable due to improper permissions on the log file. | |||||
CVE-2024-41954 | 1 Fogproject | 1 Fogproject | 2024-09-05 | N/A | 7.8 HIGH |
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41. | |||||
CVE-2024-38456 | | | 2024-09-03 | N/A | 7.8 HIGH |
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
CVE-2023-28134 | 1 Checkpoint | 1 Endpoint Security | 2024-09-03 | N/A | 7.8 HIGH |
A local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2024-41720 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2024-08-30 | N/A | 8.0 HIGH |
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | |||||
CVE-2023-52107 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-29 | N/A | 7.5 HIGH |
Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. |