Export limit exceeded: 352313 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36770 | 1 Gentoo | 1 Ebuild For Slurm | 2025-06-20 | 7.8 High |
| pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files. | ||||
| CVE-2025-48747 | 1 Netwrix | 1 Directory Manager | 2025-06-19 | 5 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. | ||||
| CVE-2023-48714 | 1 Silverstripe | 1 Framework | 2025-06-17 | 4.3 Medium |
| Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. | ||||
| CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2025-06-17 | 6.7 Medium |
| Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-41776 | 1 Zte | 1 Zxcloud Irai | 2025-06-16 | 6.7 Medium |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | ||||
| CVE-2023-49257 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-11 | 8.8 High |
| An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | ||||
| CVE-2023-5136 | 1 Ni | 4 Diadem, Flexlogger, Topografix Data Plugin and 1 more | 2025-06-11 | 5.5 Medium |
| An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | ||||
| CVE-2022-1348 | 3 Fedoraproject, Logrotate Project, Redhat | 3 Fedora, Logrotate, Enterprise Linux | 2025-06-09 | 6.5 Medium |
| A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. | ||||
| CVE-2025-3936 | 2 Microsoft, Tridium | 3 Windows, Niagara, Niagara Enterprise Security | 2025-06-04 | 6.5 Medium |
| Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2025-3944 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | 7.2 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2025-06-03 | 3.3 Low |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | ||||
| CVE-2023-34042 | 1 Vmware | 1 Spring Security | 2025-06-03 | 4.1 Medium |
| The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | ||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-06-03 | 4.4 Medium |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | 7.5 High |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2025-05-29 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2017-20148 | 1 Debian | 1 Logcheck | 2025-05-29 | 9.8 Critical |
| In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2025-3394 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2022-28802 | 1 Zapier | 1 Code By Zapier | 2025-05-27 | 8.8 High |
| Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.) | ||||
| CVE-2022-40298 | 1 Crestron | 1 Airmedia | 2025-05-27 | 8.8 High |
| Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. | ||||