Total
1321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50975 | 1 Td | 1 Advanced Dashboard | 2025-05-06 | N/A | 8.4 HIGH |
| The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information. | |||||
| CVE-2022-27500 | 1 Intel | 1 Support | 2025-05-05 | N/A | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21204 | 1 Intel | 1 Quartus Prime | 2025-05-05 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-44470 | 1 Intel | 1 Connect M | 2025-05-05 | N/A | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33166 | 1 Intel | 1 Retail Experience Tool | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33129 | 1 Intel | 1 Advisor | 2025-05-05 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0093 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2025-05-05 | 2.1 LOW | 4.4 MEDIUM |
| Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2022-43574 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-05-02 | N/A | 7.5 HIGH |
| "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | |||||
| CVE-2024-57684 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2025-05-02 | N/A | 8.8 HIGH |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | |||||
| CVE-2022-34824 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-01 | N/A | 9.8 CRITICAL |
| Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-20465 | 1 Google | 1 Android | 2025-05-01 | N/A | 4.6 MEDIUM |
| In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 | |||||
| CVE-2022-20452 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 | |||||
| CVE-2022-20448 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
| In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 | |||||
| CVE-2022-20441 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 | |||||
| CVE-2024-43430 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. External API access to Quiz can override contained insufficient access control. | |||||
| CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 4.3 MEDIUM |
| There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | |||||
| CVE-2024-30204 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | 2.8 LOW |
| In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | |||||
| CVE-2022-44561 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. | |||||
| CVE-2022-44557 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. | |||||