| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. |
| Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. |
| Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. |
| Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. |
| Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. |
| An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)
that could allow a local attacker to escalate privileges to kernel. |
| An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)
that could allow a local attacker to escalate privileges. |
| Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. |
| Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. |
| JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users.
In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. |
| A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. |
