| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. |
| fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. |
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. |
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. |
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. |
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. |
| A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. |
| A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. |
| Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. |
| Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. |
| HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. |
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. |
