| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation. |
| Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. |
| wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2. |
| calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0. |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1. |
| No description is available for this CVE. |
| No description is available for this CVE. |
| NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification. |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| NTLM Hash Disclosure Spoofing Vulnerability |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. |
| External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. |
| External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5068 and later |