Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000084 | 1 Jenkins | 1 Parameterized Trigger | 2025-04-20 | N/A |
| Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | ||||
| CVE-2017-5684 | 1 Intel | 2 Stk2mv64cc, Stk2mv64cc Bios | 2025-04-20 | N/A |
| The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | ||||
| CVE-2017-4975 | 1 Pivotal | 1 Pcf Tile Generator | 2025-04-20 | N/A |
| An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | ||||
| CVE-2017-12699 | 1 Azeotech | 1 Daqfactory | 2025-04-20 | N/A |
| An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. | ||||
| CVE-2017-16522 | 1 Mitrastar | 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more | 2025-04-20 | N/A |
| MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | ||||
| CVE-2017-14427 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | ||||
| CVE-2017-14425 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 7.8 High |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | ||||
| CVE-2017-12763 | 3 Apple, Linux, Nomachine | 3 Mac Os X, Linux Kernel, Nomachine | 2025-04-20 | N/A |
| An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | ||||
| CVE-2017-11741 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2025-04-20 | N/A |
| HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | ||||
| CVE-2017-1000089 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | ||||
| CVE-2022-48685 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-18 | 7.7 High |
| An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | ||||
| CVE-2024-34221 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 8.8 High |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | ||||
| CVE-2024-34223 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 4.3 Medium |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | ||||
| CVE-2022-45793 | 1 Omron | 1 Automation Software Sysmac Studio | 2025-04-17 | 5.5 Medium |
| Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. | ||||
| CVE-2022-47551 | 1 Apiman | 1 Apiman | 2025-04-17 | 6.5 Medium |
| Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability. | ||||
| CVE-2020-14521 | 1 Mitsubishielectric | 60 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 57 more | 2025-04-16 | 8.3 High |
| Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. | ||||
| CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 7.8 High |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | ||||
| CVE-2022-3263 | 1 Measuresoft | 1 Scadapro Server | 2025-04-16 | 7.8 High |
| The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | ||||
| CVE-2024-22085 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 6.2 Medium |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | ||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2025-04-16 | 5.6 Medium |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | ||||