Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8219 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 4.0 MEDIUM | 7.2 HIGH |
| An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. | |||||
| CVE-2022-28932 | 1 Dlink | 2 Dsl-g2452dg, Dsl-g2452dg Firmware | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. | |||||
| CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2024-02-08 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | |||||
| CVE-1999-0426 | 1 Suse | 1 Suse Linux | 2024-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | |||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-02-08 | 2.1 LOW | 5.5 MEDIUM |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2024-02-08 | 4.6 MEDIUM | 7.8 HIGH |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-2024-21840 | 1 Hitachi | 1 Storage Plug-in | 2024-02-06 | N/A | 7.1 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2. | |||||
| CVE-2024-22430 | 1 Dell | 1 Powerscale Onefs | 2024-02-03 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2023-29081 | 1 Flexera | 1 Installshield | 2024-02-01 | N/A | 5.5 MEDIUM |
| A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | |||||
| CVE-2023-29244 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-01-30 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-2735 | 2 Clusterlabs, Debian | 2 Pcs, Debian Linux | 2024-01-25 | N/A | 7.8 HIGH |
| A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. | |||||
| CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2024-01-25 | 3.7 LOW | 7.8 HIGH |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
| CVE-2023-20043 | 1 Cisco | 1 Cx Cloud Agent | 2024-01-25 | N/A | 6.7 MEDIUM |
| A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. | |||||
| CVE-2023-20178 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2024-01-25 | N/A | 7.8 HIGH |
| A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. | |||||
| CVE-2024-22409 | 1 Datahub Project | 1 Datahub | 2024-01-25 | N/A | 8.8 HIGH |
| DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade. | |||||
| CVE-2024-22428 | 1 Dell | 1 Emc Idrac Service Module | 2024-01-23 | N/A | 7.8 HIGH |
| Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity. | |||||
| CVE-2023-6457 | 1 Hitachi | 1 Tuning Manager | 2024-01-22 | N/A | 7.1 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04. | |||||
| CVE-2022-45793 | 1 Omron | 1 Automation Software Sysmac Studio | 2024-01-22 | N/A | 7.8 HIGH |
| Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. | |||||
| CVE-2020-1571 | 1 Microsoft | 1 Windows 10 | 2024-01-19 | 7.2 HIGH | 7.3 HIGH |
| An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions. | |||||
| CVE-2021-3981 | 2 Fedoraproject, Gnu | 2 Fedora, Grub2 | 2024-01-16 | 2.1 LOW | 3.3 LOW |
| A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | |||||