Total
1460 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20233 | 2025-03-26 | 2.5 Low | ||
| In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user. | ||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | ||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | ||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | ||||
| CVE-2023-22326 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-03-26 | 4.9 Medium |
| In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-25373 | 2025-03-26 | 9.8 Critical | ||
| The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | ||||
| CVE-2024-10209 | 2025-03-25 | N/A | ||
| An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | ||||
| CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2025-03-25 | 6.7 Medium |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | ||||
| CVE-2022-21939 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2025-03-24 | 7.5 High |
| Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | ||||
| CVE-2025-0590 | 2025-03-24 | 7.5 High | ||
| Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | ||||
| CVE-2023-32190 | 1 Suse | 1 Opensuse Tumbleweed | 2025-03-19 | 7.8 High |
| mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | ||||
| CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2025-03-19 | 8.1 High |
| An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | ||||
| CVE-2025-27688 | 2025-03-19 | 7.8 High | ||
| Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2024-8900 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Rhel Aus and 4 more | 2025-03-18 | 7.5 High |
| An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | ||||
| CVE-2024-41720 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2025-03-17 | 8 High |
| Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | ||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-03-14 | 7.8 High |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | ||||
| CVE-2024-27883 | 1 Apple | 1 Macos | 2025-03-14 | 4.4 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-52388 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2025-21551 | 1 Oracle | 1 Solaris | 2025-03-13 | 6 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). | ||||
| CVE-2023-52554 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.5 Medium |
| Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||