Total
1414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47712 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 7.8 High |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | ||||
| CVE-2023-31874 | 1 Yank-note | 1 Yank Note | 2025-01-14 | 8.8 High |
| Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). | ||||
| CVE-2024-54910 | 2025-01-14 | 4.7 Medium | ||
| Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | ||||
| CVE-2022-41766 | 1 Mediawiki | 1 Mediawiki | 2025-01-14 | 4.3 Medium |
| An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). | ||||
| CVE-2023-28346 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | 7.3 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | ||||
| CVE-2025-0066 | 2025-01-14 | 9.9 Critical | ||
| Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application | ||||
| CVE-2024-11497 | 2025-01-14 | 8.8 High | ||
| An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | ||||
| CVE-2024-7594 | 1 Hashicorp | 2 Vault Community Edition, Vault Enterprise | 2025-01-10 | 7.5 High |
| Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. | ||||
| CVE-2023-38037 | 1 Redhat | 3 Logging, Satellite, Satellite Capsule | 2025-01-09 | 3.3 Low |
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-28399 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 7.8 High |
| Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. | ||||
| CVE-2024-47475 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5 Medium |
| Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-55411 | 2025-01-08 | 8.8 High | ||
| An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | ||||
| CVE-2023-33695 | 1 Hutool | 1 Hutool | 2025-01-03 | 7.1 High |
| Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | ||||
| CVE-2023-32114 | 1 Sap | 1 Netweaver | 2025-01-03 | 2.7 Low |
| SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application. | ||||
| CVE-2023-2876 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2025-01-03 | 3.1 Low |
| Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. | ||||
| CVE-2023-30897 | 1 Siemens | 1 Wincc | 2025-01-03 | 7.8 High |
| A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | ||||
| CVE-2023-31142 | 1 Discourse | 1 Discourse | 2025-01-02 | 2 Low |
| Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose. | ||||
| CVE-2024-49385 | 2025-01-02 | N/A | ||
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. | ||||
| CVE-2024-21431 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-12-31 | 7.8 High |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-12-31 | 4.4 Medium |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||||