Vulnerabilities (CVE)

Filtered by CWE-277
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33870 1 Intel 2 Administrative Tools For Intel Network Adapters, Ethernet Connections Boot Utility\, Preboot Images\, And Efi Drivers 2024-10-25 N/A 7.8 HIGH
Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33990 1 Sap 1 Sql Anywhere 2024-09-28 N/A 7.1 HIGH
SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.
CVE-2024-45599 2024-09-26 N/A 3.8 LOW
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine.
CVE-2024-7143 2 Pulpproject, Redhat 2 Pulp, Ansible Automation Platform 2024-09-18 N/A 8.3 HIGH
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
CVE-2024-25561 1 Intel 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more 2024-09-12 N/A 7.8 HIGH
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23908 1 Intel 1 Flexlm License Daemons For Intel Fpga 2024-09-12 N/A 7.8 HIGH
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36691 2024-08-21 N/A 6.3 MEDIUM
Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information.
CVE-2024-42681 1 Xuxueli 1 Xxl-job 2024-08-19 N/A 8.8 HIGH
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVE-2022-41700 1 Intel 1 Nuc Pro Software Suite 2024-08-14 N/A 7.8 HIGH
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-6605 2024-08-01 N/A 8.8 HIGH
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.
CVE-2024-39877 1 Apache 1 Airflow 2024-08-01 N/A 8.8 HIGH
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.
CVE-2024-36539 2024-08-01 N/A 9.8 CRITICAL
Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVE-2024-27848 1 Apple 3 Ipados, Iphone Os, Macos 2024-07-03 N/A 7.8 HIGH
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges.
CVE-2024-29417 2024-07-03 N/A 8.4 HIGH
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.
CVE-2024-27847 2024-07-03 N/A 7.4 HIGH
This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences.
CVE-2024-27834 2024-07-03 N/A 8.1 HIGH
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
CVE-2024-27825 2024-07-03 N/A 7.8 HIGH
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.
CVE-2024-27822 2024-07-03 N/A 7.4 HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.
CVE-2024-21835 1 Intel 1 Extreme Tuning Utility 2024-06-07 N/A 7.8 HIGH
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45736 2024-05-17 N/A 6.7 MEDIUM
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.