Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29967 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
| In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. | ||||
| CVE-2024-40514 | 2025-02-03 | 4.6 Medium | ||
| Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | ||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2025-02-03 | 7.8 High |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | ||||
| CVE-2025-24140 | 1 Apple | 1 Macos | 2025-02-03 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied. | ||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | 8.7 High |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | ||||
| CVE-2024-52783 | 2025-02-03 | 5.1 Medium | ||
| Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. | ||||
| CVE-2024-27134 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 7 High |
| Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. | ||||
| CVE-2022-38583 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.8 High |
| On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | ||||
| CVE-2025-24788 | 2025-01-31 | 5 Medium | ||
| snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0. | ||||
| CVE-2025-24795 | 2025-01-31 | 4.4 Medium | ||
| The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1. | ||||
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 23 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more | 2025-01-30 | 8 High |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | ||||
| CVE-2023-29058 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 6.4 Medium |
| A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | ||||
| CVE-2023-29057 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 7.3 High |
| A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | ||||
| CVE-2023-27035 | 1 Obsidian | 1 Obsidian | 2025-01-30 | 6.5 Medium |
| An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | ||||
| CVE-2022-4568 | 1 Lenovo | 1 System Update | 2025-01-30 | 7 High |
| A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | ||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2025-01-30 | 8.8 High |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | ||||
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2025-01-29 | 9.8 Critical |
| An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | ||||
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2025-01-29 | 9.9 Critical |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | ||||
| CVE-2023-28192 | 1 Apple | 1 Macos | 2025-01-29 | 5.5 Medium |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. | ||||
| CVE-2025-24826 | 2025-01-28 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. | ||||