| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) |
| A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. |
| NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. |
| Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. |
| Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. |
| Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. |
| When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. |
| A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
|
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. |
| An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. |
| Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. |
|
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path
|
| An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface. |
| Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. |
|
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
|
| Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
