Total
1594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0890 | 1 Redhat | 1 Directory Server | 2025-04-09 | N/A |
| Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | ||||
| CVE-2008-0884 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file. | ||||
| CVE-2007-5544 | 1 Ibm | 2 Lotus Domino, Lotus Notes | 2025-04-09 | 7.8 High |
| IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | ||||
| CVE-2008-0322 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.8 High |
| The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. | ||||
| CVE-2007-6033 | 1 Wonderware | 1 Intouch | 2025-04-09 | 8.8 High |
| Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | ||||
| CVE-2022-47927 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-04-08 | 5.5 Medium |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. | ||||
| CVE-2022-4365 | 1 Gitlab | 1 Gitlab | 2025-04-08 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page. | ||||
| CVE-2022-39186 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | 6.2 Medium |
| EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions | ||||
| CVE-2024-3668 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2025-04-08 | 8.8 High |
| The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. | ||||
| CVE-2023-27084 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 5.3 Medium |
| Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | ||||
| CVE-2025-25041 | 2025-04-03 | 5.5 Medium | ||
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients. | ||||
| CVE-2022-34457 | 1 Dell | 1 Command\|configure | 2025-04-03 | 7.3 High |
| Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users. | ||||
| CVE-2025-25373 | 1 Nasa | 1 Cfs | 2025-04-03 | 9.8 Critical |
| The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | ||||
| CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2025-04-03 | 4 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | ||||
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2025-04-03 | 7.1 High |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | ||||
| CVE-2001-0006 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.1 High |
| The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | ||||
| CVE-2004-1714 | 1 Iss | 2 Blackice Pc Protection, Blackice Server Protection | 2025-04-03 | 7.1 High |
| BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | ||||
| CVE-2023-20923 | 1 Google | 1 Android | 2025-04-02 | 5.5 Medium |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | ||||
| CVE-2021-22117 | 2 Broadcom, Microsoft | 2 Rabbitmq Server, Windows | 2025-04-02 | 7.8 High |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | ||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | 7.8 High |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | ||||