| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade. |
| conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24. |
| Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. |
| An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access. |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. |
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. |
| Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
This issue affects Apache Superset: before 2.1.2.
Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. |
| Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. |
| Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker. |
| An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process. |
| Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. |
| An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. |
| A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. |
| Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue affects DaVinci Resolve on macOS in all versions.
Last tested version: 19.1.3 |
