Total
1550 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25956 | 1 Dell | 1 Grab | 2025-01-28 | 5.5 Medium |
| Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | ||||
| CVE-2023-25648 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.5 Medium |
| There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. | ||||
| CVE-2022-25992 | 1 Intel | 1 Oneapi-cli | 2025-01-27 | 7.5 High |
| Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41658 | 1 Intel | 1 Vtune Profiler | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-46656 | 1 Intel | 1 Nuc Pro Software Suite | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-38103 | 1 Intel | 1 Nuc Software Studio Service | 2025-01-27 | 6.7 Medium |
| Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | ||||
| CVE-2022-41771 | 1 Intel | 1 Quickassist Technology | 2025-01-24 | 6.5 Medium |
| Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-41699 | 1 Intel | 1 Quickassist Technology | 2025-01-24 | 8.2 High |
| Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28522 | 1 Ibm | 1 Api Connect | 2025-01-24 | 4.3 Medium |
| IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | ||||
| CVE-2023-32990 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | 6.5 Medium |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2023-32986 | 1 Jenkins | 1 File Parameters | 2025-01-23 | 8.8 High |
| Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | ||||
| CVE-2023-32303 | 1 Planet | 1 Planet | 2025-01-23 | 5.2 Medium |
| Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand. | ||||
| CVE-2023-32992 | 1 Jenkins | 1 Saml Single Sign On | 2025-01-23 | 8.8 High |
| Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | ||||
| CVE-2024-53932 | 2025-01-23 | 9.1 Critical | ||
| The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | ||||
| CVE-2024-53931 | 2025-01-23 | 9.1 Critical | ||
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | ||||
| CVE-2024-11220 | 1 Openautomationsoftware | 2 Oas Platform, Open Automation Software | 2025-01-23 | 7.8 High |
| A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | ||||
| CVE-2023-33004 | 1 Jenkins | 1 Tag Profiler | 2025-01-23 | 4.3 Medium |
| A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. | ||||
| CVE-2023-32979 | 2 Jenkins, Redhat | 2 Email Extension, Openshift | 2025-01-23 | 4.3 Medium |
| Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | ||||
| CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2025-01-22 | 7.8 High |
| OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | ||||
| CVE-2023-1692 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | 7.5 High |
| The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. | ||||