Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2024-11-21 | 3.3 LOW | N/A |
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
CVE-2005-1920 | 2 Debian, Kde | 2 Debian Linux, Kde | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | |||||
CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | |||||
CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | |||||
CVE-2001-0195 | 1 Debian | 1 Debian Linux | 2024-11-20 | 2.1 LOW | 7.8 HIGH |
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. | |||||
CVE-2024-10458 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-10-31 | N/A | 7.5 HIGH |
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | |||||
CVE-2024-9333 | 2024-10-04 | N/A | N/A | ||
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation | |||||
CVE-2024-44188 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | |||||
CVE-2024-40859 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
CVE-2024-44149 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 7.5 HIGH |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | |||||
CVE-2024-40770 | 1 Apple | 1 Macos | 2024-09-24 | N/A | 7.5 HIGH |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | |||||
CVE-2024-27795 | 1 Apple | 1 Macos | 2024-09-23 | N/A | 7.5 HIGH |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. | |||||
CVE-2024-27858 | 1 Apple | 1 Macos | 2024-09-23 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | |||||
CVE-2024-40831 | 1 Apple | 1 Macos | 2024-09-23 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library. | |||||
CVE-2024-33892 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2024-09-03 | N/A | 7.5 HIGH |
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | |||||
CVE-2024-22121 | 2024-08-12 | N/A | 6.1 MEDIUM | ||
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | |||||
CVE-2024-22114 | 2024-08-12 | N/A | 4.3 MEDIUM | ||
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard. | |||||
CVE-2024-23464 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 4.9 MEDIUM |
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1 |