Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-46544 1 Redhat 4 Enterprise Linux, Jboss Core Services, Rhel E4s and 1 more 2024-11-21 5.9 Medium
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
CVE-2024-42053 2024-11-21 7.8 High
The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.
CVE-2024-3904 2024-11-21 8.8 High
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
CVE-2024-3779 1 Eset 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more 2024-11-21 6.1 Medium
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.
CVE-2024-39347 2024-11-21 5.9 Medium
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
CVE-2024-38459 2024-11-21 7.8 High
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
CVE-2024-37038 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-11-21 7.5 High
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
CVE-2024-36541 1 Kube-logging 2 Logging-operator, Logging Operator 2024-11-21 8.8 High
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVE-2024-36495 1 Faronics 1 Winselect 2024-11-21 7.7 High
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
CVE-2024-35139 1 Ibm 2 Security Access Manager, Security Verify Access Docker 2024-11-21 6.2 Medium
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
CVE-2024-34474 2024-11-21 7.8 High
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.
CVE-2024-34455 2024-11-21 7.5 High
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2.
CVE-2024-34223 1 Sourcecodester 1 Human Resource Management System 2024-11-21 4.3 Medium
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVE-2024-34221 1 Sourcecodester 1 Human Resource Management System 2024-11-21 8.8 High
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2024-34012 1 Acronis 1 Cloud Manager 2024-11-21 4.4 Medium
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVE-2024-34011 2024-11-21 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.
CVE-2024-32978 2024-11-21 6.6 Medium
Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user.
CVE-2024-32861 1 Johnsoncontrols 1 Software House C-cure 9000 2024-11-21 7.8 High
Under certain circumstances the Software House C●CURE 9000 Site Server provides insufficient protection of directories containing executables.
CVE-2024-31442 2024-11-21 8.8 High
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
CVE-2024-30415 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.1 Critical
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.