Filtered by CWE-732
Filtered by vendor Subscriptions
Total 1406 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-2905 1 Redhat 3 Enterprise Linux, Openshift, Rhel Eus 2024-12-24 6.2 Medium
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
CVE-2024-38864 2024-12-20 N/A
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
CVE-2020-3503 1 Cisco 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more 2024-12-19 6 Medium
A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.
CVE-2023-21142 1 Google 1 Android 2024-12-18 5.5 Medium
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665
CVE-2024-7612 1 Ivanti 1 Endpoint Manager Mobile 2024-12-18 8.8 High
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
CVE-2023-34852 1 Publiccms 1 Publiccms 2024-12-18 9.8 Critical
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
CVE-2023-34797 1 Temenos 1 Cwx 2024-12-18 5.4 Medium
Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information.
CVE-2024-47104 1 Ibm 1 I 2024-12-18 6.8 Medium
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.
CVE-2024-45841 2024-12-18 N/A
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.
CVE-2023-34154 1 Huawei 1 Harmonyos 2024-12-17 8.2 High
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
CVE-2024-8540 2024-12-14 8.8 High
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
CVE-2024-41647 1 Openrobotics 1 Robot Operating System 2024-12-13 9.8 Critical
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
CVE-2022-33163 1 Ibm 1 Security Directory Suite Va 2024-12-13 5.3 Medium
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
CVE-2024-12564 2024-12-12 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.
CVE-2024-12255 2024-12-12 5.3 Medium
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.
CVE-2024-37574 2024-12-12 8.2 High
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
CVE-2024-21915 1 Rockwellautomation 1 Factorytalk Services Platform 2024-12-11 9 Critical
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
CVE-2024-12363 2024-12-11 7.1 High
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management.
CVE-2024-10256 2024-12-10 7.1 High
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
CVE-2024-7572 2024-12-10 7.1 High
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.