Total
1372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55957 | 2025-03-14 | 7.8 High | ||
| In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. | ||||
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | 5.5 Medium |
| Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | ||||
| CVE-2024-30977 | 1 Secnet Security Network Intelligent Ac Management System | 1 Secnet Security Network Intelligent Ac Management System | 2025-03-13 | 7.8 High |
| An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. | ||||
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2025-03-13 | 7.5 High |
| This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | ||||
| CVE-2023-52545 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-44786 | 1 Meabillis Cms | 1 Meabillis Cms | 2025-03-13 | 7.5 High |
| Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | ||||
| CVE-2024-30415 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 9.1 Critical |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52717 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 5.3 Medium |
| Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52362 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-40232 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-03-12 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | ||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-11 | 6 Medium |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | ||||
| CVE-2025-27926 | 2025-03-11 | 4.3 Medium | ||
| In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | ||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | 7.5 High |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | ||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2025-03-07 | 7.3 High |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | ||||
| CVE-2020-36652 | 2 Hitachi, Linux | 6 Automation Director, Infrastructure Analytics Advisor, Ops Center Analyzer and 3 more | 2025-03-07 | 6.6 Medium |
| Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | ||||
| CVE-2025-24864 | 2025-03-06 | N/A | ||
| Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | ||||
| CVE-2025-22447 | 2025-03-06 | N/A | ||
| Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | ||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | ||||