Filtered by vendor
Subscriptions
Total
1138 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43791 | 1 Steveklabnik | 1 Request Store | 2024-09-12 | 7.8 High |
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed. | ||||
CVE-2024-34018 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 5.5 Medium |
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | ||||
CVE-2024-43114 | 1 Jetbrains | 1 Teamcity | 2024-09-11 | 7.5 High |
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | ||||
CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | 6.7 Medium |
Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-27461 | 1 Intel | 1 Memory And Storage Tool Gui | 2024-09-06 | 5.6 Medium |
Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | ||||
CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | 5.1 Medium |
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | ||||
CVE-2024-34661 | 1 Samsung | 1 Assistant | 2024-09-05 | 4.3 Medium |
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | ||||
CVE-2024-23495 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-6974 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 8.8 High |
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. | ||||
CVE-2024-42681 | 1 Xuxueli | 1 Xxl-job | 2024-08-19 | 8.8 High |
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. | ||||
CVE-2024-2175 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2024-08-19 | 7.8 High |
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. | ||||
CVE-2024-4763 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2024-08-19 | 7.8 High |
An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. | ||||
CVE-2024-22378 | 1 Intel | 1 Unite | 2024-08-14 | 6.7 Medium |
Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-43747 | 1 Intel | 1 Connectivity Performance Suite | 2024-08-14 | 6.7 Medium |
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-23974 | 1 Intel | 1 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack | 2024-08-14 | 6.7 Medium |
Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-34617 | 1 Samsung | 1 Android | 2024-08-12 | 4 Medium |
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | ||||
CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | ||||
CVE-2024-7525 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-08-12 | 9.1 Critical |
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. |