Search
Search Results (1894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34018 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 5.5 Medium |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | ||||
| CVE-2024-43114 | 1 Jetbrains | 1 Teamcity | 2024-09-11 | 7.5 High |
| In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | ||||
| CVE-2024-26025 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2024-09-06 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-27461 | 1 Intel | 1 Memory And Storage Tool Gui | 2024-09-06 | 5.6 Medium |
| Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | 5.1 Medium |
| Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | ||||
| CVE-2024-34661 | 1 Samsung | 1 Assistant | 2024-09-05 | 4.3 Medium |
| Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-23495 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-6974 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 8.8 High |
| Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. | ||||
| CVE-2024-42681 | 1 Xuxueli | 1 Xxl-job | 2024-08-19 | 8.8 High |
| Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. | ||||
| CVE-2024-34617 | 1 Samsung | 1 Android | 2024-08-12 | 4 Medium |
| Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | ||||
| CVE-2024-34616 | 1 Samsung | 1 Android | 2024-08-12 | 5.1 Medium |
| Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | ||||
| CVE-2024-7525 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-08-12 | 9.1 Critical |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | ||||
| CVE-2024-41942 | 1 Jupyter | 1 Jupyterhub | 2024-08-12 | 7.2 High |
| JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users. In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. | ||||
| CVE-2024-7458 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2024-08-06 | 5.5 Medium |
| A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. | ||||