ReportizFlow
Filtered by vendor
Subscriptions
Total
1394 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4280 | 2025-05-23 | N/A | ||
| MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Poedit, potentially disguising attacker's malicious intent. This issue has been fixed in 3.6.3 version of Poedit. | ||||
| CVE-2021-39967 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-05-22 | 7.5 High |
| There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-21012 | 4 Debian, Netapp, Oracle and 1 more | 17 Debian Linux, Active Iq Unified Manager, Data Infrastructure Insights Acquisition Unit and 14 more | 2025-05-21 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2024-45067 | 2025-05-17 | 8.2 High | ||
| Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31359 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | 7.3 High |
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-31358 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | 7.3 High |
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2024-28954 | 2025-05-16 | 6.7 Medium | ||
| Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20095 | 2025-05-16 | 6.7 Medium | ||
| Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47550 | 2025-05-16 | 6.7 Medium | ||
| Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36339 | 2025-05-16 | 7.3 High | ||
| A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2024-21960 | 2025-05-16 | 7.3 High | ||
| Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2022-33922 | 1 Dell | 1 Geodrive | 2025-05-15 | 7 High |
| Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2022-40187 | 2 Bushnellgolf, Foresightsports | 4 Launch Pro, Launch Pro Firmware, Gc3 Launch Monitor and 1 more | 2025-05-15 | 8 High |
| Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | ||||
| CVE-2024-46054 | 2 Davidguva, Openvidreview Project | 2 Openvidreview, Openvidreview | 2025-05-15 | 9.8 Critical |
| OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. | ||||
| CVE-2022-42464 | 1 Openharmony | 1 Openharmony | 2025-05-14 | 6.7 Medium |
| OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | ||||
| CVE-2021-33324 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 Medium |
| The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | ||||
| CVE-2021-33327 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 Medium |
| The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | ||||
| CVE-2021-33333 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.3 Medium |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | ||||
| CVE-2021-33334 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 Medium |
| The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | ||||
| CVE-2022-36439 | 1 Asus | 3 Asusliveupdate, Asussoftwaremanger, System Control Interface | 2025-05-13 | 6 Medium |
| AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. | ||||