Total: 1392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28163 | 1 Sap | 1 Netweaver Process Integration | 2025-02-07 | N/A | 5.3 MEDIUM |
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||
CVE-2025-0374 | | | 2025-02-07 | N/A | 6.5 MEDIUM |
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. | |||||
CVE-2025-21325 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-02-07 | N/A | 7.8 HIGH |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | |||||
CVE-2024-57520 | | | 2025-02-06 | N/A | 9.8 CRITICAL |
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function | |||||
CVE-2024-57068 | | | 2025-02-06 | N/A | 7.5 HIGH |
A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
CVE-2023-28123 | 1 Ui | 1 Desktop | 2025-02-05 | N/A | 5.5 MEDIUM |
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later. | |||||
CVE-2024-45657 | | | 2025-02-04 | N/A | 5.0 MEDIUM |
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | |||||
CVE-2024-36294 | 1 Intel | 1 Driver & Support Assistant | 2025-02-04 | N/A | 6.7 MEDIUM |
Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-36276 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 6.7 MEDIUM |
Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-41970 | | | 2025-02-04 | N/A | 5.7 MEDIUM |
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | |||||
CVE-2024-29964 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 5.7 MEDIUM |
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. | |||||
CVE-2024-41974 | | | 2025-02-03 | N/A | 7.1 HIGH |
A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | |||||
CVE-2024-39967 | | | 2025-02-03 | N/A | 6.5 MEDIUM |
Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. | |||||
CVE-2023-31748 | 1 Wondershare | 1 Mobiletrans | 2025-01-31 | N/A | 7.8 HIGH |
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | |||||
CVE-2023-33251 | 2 Lightbend, Linux | 2 Akka Http, Linux Kernel | 2025-01-31 | N/A | 4.7 MEDIUM |
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | |||||
CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | |||||
CVE-2024-7513 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by an account with elevated permissions. | |||||
CVE-2024-6435 | 1 Rockwellautomation | 1 Pavilion8 | 2025-01-31 | N/A | 8.8 HIGH |
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. | |||||
CVE-2024-22334 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | N/A | 4.4 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. | |||||
CVE-2023-25438 | 1 Genomedics | 1 Millegpg | 2025-01-29 | N/A | 7.8 HIGH |
An issue discovered in Genomedics MilleGP5 5.9.2 allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. |