35 matches found
CVE-2025-33088
IBM Concert Software (versions 1.0.0–2.1.0) contains a local privilege escalation flaw due to incorrect file permissions on critical resources, allowing a local user with architectural knowledge to elevate privileges. Root cause identified as improper permissions for sensitive files/resources. Af...
EUVD-2018-3108
Malware in sbrugna...
CVE-2025-2098 Dylib Hijacking in Fast CAD Reader
Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users...
Security Bulletin: IBM QRadar SIEM is vulnerable to infomation disclosured due to incorrect file permissions (CVE-2022-22424)
Summary IBM QRadar could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22424 DESCRIPTION: IBM QRadar could allow a local user to obtain sensitive...
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
Pulse Connect Secure < 22.6R2.0 (000096001)
The version of Pulse Connect Secure installed on the remote host is prior to 22.6R2.0. It is, therefore, affected by a vulnerability as referenced in the 000096001 advisory. - Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1...
CVE-2024-39709
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 Not Applicable to 9.1Rx and Ivanti Policy Secure before version 22.7R1 Not Applicable to 9.1Rx allow a local authenticated attacker to escalate their privileges...
Fedora: Security Advisory (FEDORA-2023-28962dd58a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-28962dd58a)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-28962dd58a advisory. Ruby on Rails security upgrade: https://rubyonrails.org/2023/8/22/Rails-Versions-7-0-7-2-6-1-7-6-have- been-released - incorrect file permissions on encrypte...
Dell Grab 安全漏洞
Dell Grab is a configuration technology from Dell, Inc. It is used to collect data on hosts connected to Dell EMC storage devices. A security vulnerability exists in Dell Grab version 5.0.4 and earlier, which stems from a system containing an incorrect file permission vulnerability that results i...
Docker Desktop < 4.5.0 Incorrect File Permissions
The version of Docker Desktop for Windows is prior to 4.5.0. It is therefore affected by a vulnerability that allows attackers to move arbitrary files. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900...
CVE-2023-28143
Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...
CVE-2023-28143 Local Privilege Escalation
Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...
IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)
IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...
CVE-2022-22424
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597...
CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords
Summary A flaw in the file permissions may expose IPMI user passwords. This may lead to privilege escalations. Vulnerability Details CVEID: CVE-2020-14156 DESCRIPTION: OpenBMC phosphor-host-ipmid could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to...
CVE-2021-31540
Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...
CVE-2020-8190
CVE-2020-8190 is a local elevation of privileges vulnerability in Citrix ADC and Citrix Gateway (and implicated Citrix SD-WAN WANOP appliances) caused by incorrect file permissions . It requires an authenticated user on the NSIP to exploit and can lead to privilege escalation within the device co...
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...