Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1311 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45067 2025-05-17 8.2 High
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-29801 2025-05-16 7.8 High
Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2023-31359 1 Amd 1 Aim-t Manageability Api 2025-05-16 7.3 High
Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31358 1 Amd 1 Aim-t Manageability Api 2025-05-16 7.3 High
A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-28954 2025-05-16 6.7 Medium
Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-47550 2025-05-16 6.7 Medium
Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20095 2025-05-16 6.7 Medium
Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36339 2025-05-16 7.3 High
A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21960 2025-05-16 7.3 High
Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2025-4660 2 Forescout, Microsoft 2 Secureconnector, Windows 2025-05-15 9.8 Critical
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.  This does not impact Linux or OSX Secure Connector.
CVE-2022-33922 1 Dell 1 Geodrive 2025-05-15 7 High
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2022-40187 2 Bushnellgolf, Foresightsports 4 Launch Pro, Launch Pro Firmware, Gc3 Launch Monitor and 1 more 2025-05-15 8 High
Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.
CVE-2024-46054 2 Davidguva, Openvidreview Project 2 Openvidreview, Openvidreview 2025-05-15 9.8 Critical
OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.
CVE-2022-42464 1 Openharmony 1 Openharmony 2025-05-14 6.7 Medium
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.
CVE-2021-33327 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-05-13 4.3 Medium
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.
CVE-2021-33333 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-05-13 6.3 Medium
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
CVE-2021-33324 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-05-13 4.3 Medium
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
CVE-2021-33334 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-05-13 4.3 Medium
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.
CVE-2022-36439 1 Asus 3 Asusliveupdate, Asussoftwaremanger, System Control Interface 2025-05-13 6 Medium
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.
CVE-2022-36438 1 Asus 2 Asusswitch, System Control Interface 2025-05-13 7.8 High
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.