ReportizFlow
Filtered by vendor
Subscriptions
Total
1488 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7195 | 1 Redhat | 13 Acm, Advanced Cluster Security, Apicurio Registry and 10 more | 2026-03-15 | 6.4 Medium |
| Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2026-26131 | 1 Microsoft | 1 .net | 2026-03-14 | 7.8 High |
| Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-8766 | 1 Redhat | 1 Openshift Data Foundation | 2026-03-13 | 6.4 Medium |
| A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container | ||||
| CVE-2025-57849 | 1 Redhat | 1 Jboss Fuse | 2026-03-13 | 6.4 Medium |
| A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2026-28727 | 2 Acronis, Apple | 5 Acronis Cyber Protect 17, Agent, Cyber Protect and 2 more | 2026-03-13 | N/A |
| Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124. | ||||
| CVE-2025-57850 | 1 Redhat | 1 Openshift Devspaces | 2026-03-12 | 6.4 Medium |
| A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2024-11089 | 1 Cayenne | 1 Anonymous Restricted Content | 2026-03-12 | 5.3 Medium |
| The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users. | ||||
| CVE-2026-28717 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2026-28267 | 4 Digital Arts, Fujitsu, Inventit and 1 more | 11 Digitalarts@cloud Agent (for Windows), I-filter ブラウザー&クラウド Multiagent For Windows, I-フィルター 10 (windows Version Only) and 8 more | 2026-03-11 | N/A |
| Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user. | ||||
| CVE-2026-3315 | 1 Assa Abloy | 1 Visionline | 2026-03-11 | N/A |
| Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | ||||
| CVE-2026-24414 | 1 Icinga | 2 Icinga Powershell Framework, Powershell-framework | 2026-03-10 | 5.5 Medium |
| The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory grant every user read access, which results in the exposure of private key of the Icinga certificate for the given host. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrading to a fixed version of Icinga for Windows will also automatically fix a similar issue present in Icinga 2, CVE-2026-24413. As a workaround, the permissions can be restricted manually by updating the ACL for the given folder `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` (and `C:\ProgramData\icinga2\var` to fix the issue for the Icinga 2 agent as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access. | ||||
| CVE-2026-26034 | 2 Dell, Dell Inc. | 2 Ups Multi-ups Management Console, Ups Multi-ups Management Console (mumc) | 2026-03-09 | N/A |
| UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL. | ||||
| CVE-2026-2915 | 2 Hp, Hp Inc | 2 System Event Utility, Hp System Event Utility | 2026-03-09 | 7.1 High |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | ||||
| CVE-2025-58712 | 1 Redhat | 2 Amq Broker, Rhosemc | 2026-03-07 | 6.4 Medium |
| A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-57852 | 1 Redhat | 1 Openshift Ai | 2026-03-07 | 6.4 Medium |
| A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-57848 | 1 Redhat | 1 Container Native Virtualization | 2026-03-07 | 6.4 Medium |
| A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2026-21423 | 1 Dell | 1 Powerscale Onefs | 2026-03-05 | 6.7 Medium |
| Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure. | ||||
| CVE-2020-37129 | 1 Microvirt | 2 Memu, Memu Play | 2026-03-05 | 9.8 Critical |
| Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions. | ||||
| CVE-2023-31068 | 1 Tsplus | 1 Tsplus Remote Work | 2026-03-03 | 9.8 Critical |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | ||||
| CVE-2026-27653 | 1 Soliton Systems K.k. | 3 Soliton Securebrowser For Onegate, Soliton Securebrowser Ii, Soliton Secureworkspace (formerly Wrappingbox) | 2026-02-27 | N/A |
| The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges. | ||||