Vulnerabilities (CVE)

Filtered by CWE-281
Total 218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6335 4 Hp, Ibm, Linux and 1 more 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more 2024-11-21 3.3 LOW N/A
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2005-1920 2 Debian, Kde 2 Debian Linux, Kde 2024-11-20 5.0 MEDIUM 7.5 HIGH
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVE-2002-2323 1 Sun 1 Solaris Pc Netlink 2024-11-20 5.0 MEDIUM 7.5 HIGH
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
CVE-2001-1515 1 Microsoft 1 Windows 2000 2024-11-20 5.0 MEDIUM 7.5 HIGH
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
CVE-2001-0195 1 Debian 1 Debian Linux 2024-11-20 2.1 LOW 7.8 HIGH
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
CVE-2024-10458 1 Mozilla 2 Firefox, Thunderbird 2024-10-31 N/A 7.5 HIGH
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-9333 2024-10-04 N/A N/A
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
CVE-2024-44188 1 Apple 1 Macos 2024-09-24 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
CVE-2024-40859 1 Apple 1 Macos 2024-09-24 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
CVE-2024-44149 1 Apple 1 Macos 2024-09-24 N/A 7.5 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
CVE-2024-40770 1 Apple 1 Macos 2024-09-24 N/A 7.5 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
CVE-2024-27795 1 Apple 1 Macos 2024-09-23 N/A 7.5 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
CVE-2024-27858 1 Apple 1 Macos 2024-09-23 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
CVE-2024-40831 1 Apple 1 Macos 2024-09-23 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
CVE-2024-33892 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2024-09-03 N/A 7.5 HIGH
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3
CVE-2024-22121 2024-08-12 N/A 6.1 MEDIUM
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
CVE-2024-22114 2024-08-12 N/A 4.3 MEDIUM
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
CVE-2024-23464 1 Zscaler 1 Client Connector 2024-08-07 N/A 4.9 MEDIUM
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1