Total
1484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49724 | 1 Google | 1 Android | 2025-04-22 | 7 High |
| In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-40132 | 1 Google | 1 Android | 2025-04-22 | 7.8 High |
| In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2022-20495 | 1 Google | 1 Android | 2025-04-22 | 7.8 High |
| In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844 | ||||
| CVE-2024-43769 | 1 Google | 1 Android | 2025-04-21 | 7.8 High |
| In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2025-04-21 | 5.5 Medium |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | ||||
| CVE-2021-22571 | 1 Google | 1 Sa360 Webquery To Bigquery Exporter | 2025-04-21 | 5.5 Medium |
| A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | ||||
| CVE-2017-7968 | 1 Schneider-electric | 1 Wonderware Indusoft Web Studio | 2025-04-20 | N/A |
| An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | ||||
| CVE-2017-6404 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | ||||
| CVE-2017-5686 | 1 Intel | 4 Nuc6i3syh Bios, Nuc6i3syk, Nuc6i3syk Bios and 1 more | 2025-04-20 | N/A |
| The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. | ||||
| CVE-2017-5685 | 1 Intel | 2 Nuc6i7kyk, Nuc6i7kyk Bios | 2025-04-20 | N/A |
| The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. | ||||
| CVE-2017-5684 | 1 Intel | 2 Stk2mv64cc, Stk2mv64cc Bios | 2025-04-20 | N/A |
| The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | ||||
| CVE-2017-4975 | 1 Pivotal | 1 Pcf Tile Generator | 2025-04-20 | N/A |
| An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | ||||
| CVE-2017-11610 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Cloudforms and 2 more | 2025-04-20 | N/A |
| The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | ||||
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2025-04-20 | N/A |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | ||||
| CVE-2017-16522 | 1 Mitrastar | 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more | 2025-04-20 | N/A |
| MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | ||||
| CVE-2017-14427 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | ||||
| CVE-2017-14425 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | ||||
| CVE-2017-14424 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | ||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | ||||
| CVE-2017-12763 | 3 Apple, Linux, Nomachine | 3 Mac Os X, Linux Kernel, Nomachine | 2025-04-20 | N/A |
| An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | ||||