Total: 949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-5967 | | | 2024-09-09 | N/A | N/A | A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain. |
| CVE-2023-42774 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 5.5 MEDIUM | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. |
| CVE-2023-3116 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 7.1 HIGH | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. |
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2024-09-06 | N/A | 7.8 HIGH | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability |
| CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | N/A | 7.8 HIGH | Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-27461 | 1 Intel | 1 Memory And Storage Tool Gui | 2024-09-06 | N/A | 5.5 MEDIUM | Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | N/A | 5.5 MEDIUM | Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. |
| CVE-2024-34661 | 1 Samsung | 1 Assistant | 2024-09-05 | N/A | 4.3 MEDIUM | Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. |
| CVE-2024-23495 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | N/A | 7.8 HIGH | Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2024-08-29 | N/A | 9.8 CRITICAL | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. |
| CVE-2024-6974 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 7.8 HIGH | Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade. This issue affects SDP Client: before 5.10.34. |
| CVE-2024-3779 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more | 2024-08-21 | N/A | 5.5 MEDIUM | Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET's security product inoperable, provided non-default preconditions were met. |
| CVE-2024-42681 | 1 Xuxueli | 1 Xxl-job | 2024-08-19 | N/A | 8.8 HIGH | Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. |
| CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 5.5 MEDIUM | Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. |
| CVE-2024-34617 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 3.3 LOW | Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. |
| CVE-2024-7525 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.1 HIGH | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. |
| CVE-2024-34012 | 1 Acronis | 1 Cloud Manager | 2024-08-07 | N/A | 4.4 MEDIUM | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. |
| CVE-2022-36640 | 1 Influxdata | 1 Influxdb | 2024-08-03 | N/A | 9.8 CRITICAL | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization." |
| CVE-2023-42261 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-02 | N/A | 7.5 HIGH | Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. |
| CVE-2024-35139 | 1 Ibm | 1 Security Access Manager | 2024-08-01 | N/A | 5.5 MEDIUM | IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. |