Total
1375 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25561 | 1 Intel | 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more | 2024-09-12 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-23908 | 1 Intel | 2 Flexlm License Daemons For Intel Fpga, Fpga Add-on | 2024-09-12 | 6.7 Medium |
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-40361 | 1 Secudos | 1 Qiata | 2024-09-12 | 7.8 High |
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | ||||
CVE-2024-21902 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 6.4 Medium |
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later; QuTS hero h5.1.7.2770 build 20240520 and later. | ||||
CVE-2023-42489 | 1 Busbaer | 1 Eisbaer Scada | 2024-09-10 | 7.5 High |
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | ||||
CVE-2020-16990 | 1 Microsoft | 1 Azure Sphere | 2024-09-10 | 6.2 Medium |
Azure Sphere Information Disclosure Vulnerability | ||||
CVE-2024-41171 | 1 Siemens | 3 Sinumerik 828d Firmware, Sinumerik 840d Sl Firmware, Sinumerik One Firmware | 2024-09-10 | 8.8 High |
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. | ||||
CVE-2024-41954 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 5.3 Medium |
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41. | ||||
CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2024-09-04 | 7.8 High |
Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5). | ||||
CVE-2024-38456 | | | 2024-09-03 | 7.8 High |
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | ||||
CVE-2023-28134 | 1 Checkpoint | 1 Endpoint Security | 2024-09-03 | 7.8 High |
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-47801 | 1 Clickstudios | 1 Passwordstate | 2024-09-03 | 4.7 Medium |
An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records. | ||||
CVE-2023-39230 | 1 Intel | 1 Rapid Storage Technology | 2024-08-30 | 6.7 Medium |
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-34314 | 1 Intel | 1 Simics Simulator | 2024-08-30 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | ||||
CVE-2024-41720 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2024-08-30 | 8.0 High |
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | ||||
CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2024-08-30 | 6.7 Medium |
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2024-08-30 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-52107 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-29 | 7.5 High |
Vulnerability of permissions not being strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-47564 | 1 Qnap | 1 Qsync Central | 2024-08-29 | 8 High |
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 (2024/01/04) and later; Qsync Central 4.3.0.11 (2024/01/11) and later. |