| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege. |
| An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access. |
| The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory during installation. Code in this directory is only run by the Agent during Agent install/upgrades. This could allow an attacker with local access to modify files in this directory, which would then subsequently be run when the Agent is upgraded, resulting in local privilege escalation. This issue requires local access to the host and a valid low privilege account to be vulnerable. Note that this vulnerability only impacts the Linux Host Agent. Other variations of the Agent including the container, kubernetes, windows host and other agents are not impacted. Version 7.71.0 contains a patch for the issue. |
| Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker. |
| Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL 30Z device, the vulnerable app has a package name of com.tcl.screenrecorder (versionCode='1221092802', versionName='v5.2120.02.12008.1.T' ; versionCode='1221092805', versionName='v5.2120.02.12008.2.T'). On the TCL 10L device, the vulnerable app has a package name of com.tcl.sos (versionCode='2020102827', versionName='v3.2014.12.1012.B'). When a third-party app declares and requests the missing permission, it can interact with certain service components in the aforementioned apps (that execute with "system" privileges) to perform arbitrary files reads/writes in its context. An app exploiting this vulnerability only needs to declare and request the single missing permission and no user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 10L (TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys) and TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys). This malicious app declares the missing permission named com.tct.smart.switchphone.permission.SWITCH_DATA as a normal permission, requests the missing permission, and uses it to interact with the com.tct.smart.switchdata.DataService service component that is declared in vulnerable apps that execute with "system" privileges to perform arbitrary file reads/writes. |
| Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed. |
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. |
| A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. |
| Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable.
Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine. |
| Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.transsion.autotest.factory app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The confirmed vulnerable software build fingerprints for the Itel Vision 3 Turbo device are as follows: Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V92-20230105:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V86-20221118:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V78-20221101:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V64-20220803:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V61-20220721:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V58-20220712:user/release-keys, and Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V051-20220613:user/release-keys. This malicious app sends a broadcast Intent to the receiver component named com.transsion.autotest.factory/.broadcast.CommandReceiver with the path to a shell script that it creates in its scoped storage directory. Then the com.transsion.autotest.factory app will execute the shell script with "system" privileges. |
| System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. |
| An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file. |
| Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. |
| Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. |
| Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration. |
| conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24. |
| A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. |
| Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue. |
| Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access. |
