Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36542 | 2025-03-13 | N/A | 8.8 HIGH | ||
| Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-41601 | 2025-03-13 | N/A | 7.5 HIGH | ||
| Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. | |||||
| CVE-2023-27842 | 1 Extplorer | 1 Extplorer | 2025-02-26 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent | |||||
| CVE-2024-25561 | 1 Intel | 19 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 16 more | 2025-02-25 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36294 | 1 Intel | 1 Driver \& Support Assistant | 2025-02-04 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36276 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-27834 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-12-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | |||||
| CVE-2024-27822 | 1 Apple | 1 Macos | 2024-12-09 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges. | |||||
| CVE-2024-27825 | 1 Apple | 1 Macos | 2024-12-09 | N/A | 7.1 HIGH |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2024-27847 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-09 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-7143 | 2 Pulpproject, Redhat | 2 Pulp, Ansible Automation Platform | 2024-11-21 | N/A | 8.3 HIGH |
| A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. | |||||
| CVE-2024-39877 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 8.8 HIGH |
| Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability. | |||||
| CVE-2024-36691 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information. | |||||
| CVE-2024-29417 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. | |||||
| CVE-2024-27848 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 7.8 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges. | |||||
| CVE-2024-21835 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-33990 | 1 Sap | 1 Sql Anywhere | 2024-11-21 | N/A | 7.8 HIGH |
| SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted. | |||||
| CVE-2023-33870 | 1 Intel | 2 Administrative Tools For Intel Network Adapters, Ethernet Connections Boot Utility\, Preboot Images\, And Efi Drivers | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||