Vulnerabilities (CVE)

Filtered by CWE-732
Total 1208 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4565 1 Huawei 2 Emui, Harmonyos 2024-09-25 N/A 5.3 MEDIUM
Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
CVE-2024-30369 1 A10networks 1 Advanced Core Operating System 2024-09-24 N/A 7.8 HIGH
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.
CVE-2022-43915 1 Ibm 1 App Connect Enterprise Certified Container 2024-09-21 N/A 8.1 HIGH
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.
CVE-2023-47712 2024-09-20 N/A 7.8 HIGH
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
CVE-2024-29964 2024-09-18 N/A 5.7 MEDIUM
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
CVE-2024-45041 1 External-secrets 1 External Secrets Operator 2024-09-18 N/A 8.8 HIGH
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2.
CVE-2024-8039 2024-09-17 N/A 9.8 CRITICAL
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
CVE-2021-20326 1 Mongodb 1 Mongodb 2024-09-17 4.0 MEDIUM 6.5 MEDIUM
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.
CVE-2021-35248 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-09-16 4.0 MEDIUM 4.3 MEDIUM
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
CVE-2022-22521 1 Miele 1 Benchmark Programming Tool 2024-09-16 6.9 MEDIUM 7.3 HIGH
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.
CVE-2024-25561 1 Intel 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more 2024-09-12 N/A 7.8 HIGH
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23908 1 Intel 1 Flexlm License Daemons For Intel Fpga 2024-09-12 N/A 7.8 HIGH
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21902 1 Qnap 2 Qts, Quts Hero 2024-09-11 N/A 8.1 HIGH
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
CVE-2024-41171 2024-09-10 N/A 8.8 HIGH
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.
CVE-2023-4332 1 Broadcom 1 Raid Controller Web Interface 2024-09-05 N/A 7.5 HIGH
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2024-41954 1 Fogproject 1 Fogproject 2024-09-05 N/A 7.8 HIGH
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.
CVE-2024-38456 2024-09-03 N/A 7.8 HIGH
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
CVE-2023-28134 1 Checkpoint 1 Endpoint Security 2024-09-03 N/A 7.8 HIGH
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-41720 1 Zexelon 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware 2024-08-30 N/A 8.0 HIGH
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
CVE-2023-52107 1 Huawei 2 Emui, Harmonyos 2024-08-29 N/A 7.5 HIGH
Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.