Lucene search
K

35 matches found

CVE
CVE
added 2026/02/17 9:35 p.m.13 views

CVE-2025-33088

IBM Concert Software (versions 1.0.0–2.1.0) contains a local privilege escalation flaw due to incorrect file permissions on critical resources, allowing a local user with architectural knowledge to elevate privileges. Root cause identified as improper permissions for sensitive files/resources. Af...

7.4CVSS5.5AI score0.00099EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3108

Malware in sbrugna...

7.8CVSS7.7AI score0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/26 3:23 p.m.15 views

CVE-2025-2098 Dylib Hijacking in Fast CAD Reader

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users...

8.4CVSS7.3AI score0.00164EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 1:36 a.m.37 views

Security Bulletin: IBM QRadar SIEM is vulnerable to infomation disclosured due to incorrect file permissions (CVE-2022-22424)

Summary IBM QRadar could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22424 DESCRIPTION: IBM QRadar could allow a local user to obtain sensitive...

5.5CVSS5.2AI score0.00172EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/02/28 8:25 a.m.22 views

CVE-2025-1413 Dylib Hijacking in DaVinci Resolve

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...

8.4CVSS0.00195EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.8 views

Pulse Connect Secure < 22.6R2.0 (000096001)

The version of Pulse Connect Secure installed on the remote host is prior to 22.6R2.0. It is, therefore, affected by a vulnerability as referenced in the 000096001 advisory. - Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1...

7.8CVSS7.6AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2024/11/13 2:15 a.m.1 views

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 Not Applicable to 9.1Rx and Ivanti Policy Secure before version 22.7R1 Not Applicable to 9.1Rx allow a local authenticated attacker to escalate their privileges...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.9 views

Fedora: Security Advisory (FEDORA-2023-28962dd58a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.7 views

Fedora 40 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-28962dd58a)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-28962dd58a advisory. Ruby on Rails security upgrade: https://rubyonrails.org/2023/8/22/Rails-Versions-7-0-7-2-6-1-7-6-have- been-released - incorrect file permissions on encrypte...

5.5AI score
Exploits0References1
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.6 views

Dell Grab 安全漏洞

Dell Grab is a configuration technology from Dell, Inc. It is used to collect data on hosts connected to Dell EMC storage devices. A security vulnerability exists in Dell Grab version 5.0.4 and earlier, which stems from a system containing an incorrect file permission vulnerability that results i...

5.5CVSS6.5AI score0.00156EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/15 12:0 a.m.35 views

Docker Desktop < 4.5.0 Incorrect File Permissions

The version of Docker Desktop for Windows is prior to 4.5.0. It is therefore affected by a vulnerability that allows attackers to move arbitrary files. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900...

5.3CVSS6.8AI score0.00926EPSS
Exploits0References2
NVD
NVD
added 2023/04/18 4:15 p.m.21 views

CVE-2023-28143

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

7CVSS6.8AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/18 3:54 p.m.24 views

CVE-2023-28143 Local Privilege Escalation

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

6.7CVSS7.4AI score0.00174EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.43 views

IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)

IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...

5.5CVSS2.5AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/20 5:35 p.m.14 views

CVE-2022-22424

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597...

5.1CVSS5.3AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/18 3:15 p.m.5 views

CVE-2022-34891

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.3AI score0.00277EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/07 2:12 p.m.19 views

Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords

Summary A flaw in the file permissions may expose IPMI user passwords. This may lead to privilege escalations. Vulnerability Details CVEID: CVE-2020-14156 DESCRIPTION: OpenBMC phosphor-host-ipmid could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to...

8.8CVSS8.1AI score0.01809EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/04/23 5:15 p.m.15 views

CVE-2021-31540

Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...

7.1CVSS0.00389EPSS
Exploits1References3
CVE
CVE
added 2020/07/10 3:32 p.m.83 views

CVE-2020-8190

CVE-2020-8190 is a local elevation of privileges vulnerability in Citrix ADC and Citrix Gateway (and implicated Citrix SD-WAN WANOP appliances) caused by incorrect file permissions . It requires an authenticated user on the NSIP to exploit and can lead to privilege escalation within the device co...

7.5CVSS8.1AI score0.01235EPSS
In wildExploits0References1Affected Software1
OSV
OSV
added 2019/11/21 3:15 p.m.5 views

CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...

7.8CVSS7.1AI score0.00554EPSS
Exploits1References3
Rows per page
Query Builder