Loading...
Loading...
1,613 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, …
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" grou…
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an…
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint e…
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve p…
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire L…
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an …
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.ex…
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged u…
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as s…
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.
Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.
Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access.
Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system admi…
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator m…
In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with n…
In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is no…
In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interacti…
In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr…
In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interacti…
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation…
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction …
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disc…
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. …
In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User inter…
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P…
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User int…
In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional exec…
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: A…
In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local informat…
In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. Use…
In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interactio…
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which ma…
The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.
Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logi…
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impa…
EchelonGraph correlates every CVE — across CWE-276 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →