CWE-276: CWE-276

Total CVEs: 436
Critical: 59
High: 283
Avg CVSS: 7.6

Yearly Trend

2026: 30
2025: 139
2024: 124
2023: 57
2022: 30

Top Affected Vendors

1 Google 38
2 Apple 25
3 Huawei 15
4 Intel 13
5 Dell 10
6 Advantech 6
7 AMD 6
8 Debian 5
9 Oracle 5
10 Ivanti 5

All CWE-276 CVEs (436)

CVE-2023-31360
7.3

This vulnerability allows local attackers to escalate privileges on systems with AMD Integrated Management Technology (AIM-T) Manageability Service in...

Feb 11, 2025
CVE-2018-9369
7.3

CVE-2018-9369 is a bootloader vulnerability in Android devices that allows attackers to specify kernel command line arguments via fastboot. This enabl...

Nov 19, 2024
CVE-2024-21957
7.3

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Management Console installatio...

Nov 12, 2024
CVE-2024-21939
7.3

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Cloud Manageability Service (A...

Nov 12, 2024
CVE-2024-21946
7.3

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Ryzen Master Utility installat...

Nov 12, 2024
CVE-2024-21937
7.3

This vulnerability involves incorrect default permissions in the AMD HIP SDK installation directory, allowing local attackers to modify files and pote...

Nov 12, 2024
CVE-2023-31349
7.3

Incorrect default permissions in AMD μProf installation directory allow local attackers to modify files, potentially leading to privilege escalation ...

Aug 13, 2024
CVE-2023-46870
7.3

This vulnerability allows attackers to execute arbitrary code on systems running vulnerable versions of Nordic Semiconductor's nRF Sniffer for Bluetoo...

May 14, 2024
CVE-2024-32368
7.3

This vulnerability allows a local attacker to cause denial of service on the Agasta Sanketlife 2.0 ECG monitor by exploiting insecure permissions in t...

Apr 22, 2024
CVE-2024-0259
7.3

This vulnerability allows low-privileged Windows users to overwrite the Robot Schedule Enterprise Agent service executable. When the service restarts,...

Mar 28, 2024
CVE-2023-38960
7.3

This vulnerability allows a local attacker to escalate privileges and execute arbitrary code on systems running RaidenFTPD v2.4 build 4005 due to inse...

Feb 13, 2024
CVE-2023-3116
7.3

This vulnerability in OpenHarmony allows a local attacker to access confidential information or modify sensitive files due to incorrect default permis...

Nov 20, 2023
CVE-2023-46743
7.3

This vulnerability in XWiki's Collabora Online integration allows users with view-only permissions to gain edit access to documents when they open att...

Nov 9, 2023
CVE-2023-29057
7.3

This vulnerability allows authenticated users to bypass intended Active Directory permission restrictions when specific LDAP configuration is used. It...

Apr 28, 2023
CVE-2022-36397
7.3

This vulnerability allows authenticated users on Linux systems with affected Intel QAT drivers to escalate privileges via local access due to incorrec...

Feb 16, 2023
CVE-2021-21957
7.3

CVE-2021-21957 is a privilege escalation vulnerability in Dream Report ODS Remote Connector that allows attackers to execute arbitrary commands with e...

Dec 8, 2021
CVE-2021-0441
7.3

This vulnerability allows local privilege escalation on Android 11 devices through a confusing UI element in permission dialogs. Attackers can trick u...

Jul 14, 2021
CVE-2021-28649
7.3

This vulnerability in Trend Micro HouseCall for Home Networks installer allows local privilege escalation. An attacker with low-privileged access can ...

May 12, 2021
CVE-2021-0246
7.3

This CVE allows tenant system administrators on affected Juniper SRX devices to inadvertently send their network traffic to other tenants while modify...

Apr 22, 2021
CVE-2021-0235
7.3

CVE-2021-0235 is a privilege escalation vulnerability in Juniper Junos OS on SRX and vSRX devices with tenant services. It allows tenant administ...

Apr 22, 2021
CVE-2024-21820
7.2

This vulnerability involves incorrect default permissions in Intel Xeon processor memory controller configurations when using Intel SGX (Software Guar...

Nov 13, 2024
CVE-2021-21736
7.2

This vulnerability in ZTE smart cameras allows users whose sharing permissions have been revoked to still control the camera remotely through the clou...

Jun 10, 2021
CVE-2021-22311
7.2

This CVE describes an improper privilege assignment vulnerability in Huawei ManageOne management software where processes can run with higher privileg...

Mar 22, 2021
CVE-2025-67230
7.1

This vulnerability in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to bypass validation and invoke external protocol handle...

Jan 23, 2026
CVE-2025-10918
7.1

This vulnerability allows local authenticated attackers to write arbitrary files anywhere on disk due to insecure default permissions in Ivanti Endpoi...

Nov 11, 2025
CVE-2025-45467
7.1

This vulnerability allows attackers to upload malicious firmware to Unitree Go1 robots by exploiting insecure MD5 checksum verification. Attackers can...

Jul 25, 2025
CVE-2025-24176
7.1

This CVE describes a local privilege escalation vulnerability in macOS where improper permission validation allows a local attacker to gain elevated p...

Jan 27, 2025
CVE-2024-9191
7.1

This vulnerability allows attackers with access to a compromised Windows device to retrieve passwords associated with Desktop MFA passwordless logins ...

Nov 1, 2024
CVE-2023-45896
7.1

CVE-2023-45896 is an out-of-bounds read vulnerability in the Linux kernel's ntfs3 filesystem driver. It allows a physically proximate attacker with lo...

Aug 28, 2024
CVE-2024-40805
7.1

This CVE describes a permissions issue in Apple operating systems that allows applications to bypass Privacy preferences. It affects users of watchOS,...

Jul 29, 2024
CVE-2023-38291
7.1

This vulnerability allows any local app on affected Android devices to access the Wi-Fi MAC address without permissions, bypassing Android 10+ restric...

Apr 22, 2024
CVE-2023-27647
7.1

This vulnerability in DUALSPACE Lock Master v2.2.4 allows local attackers to cause denial of service or access sensitive information through improper ...

Apr 14, 2023
CVE-2021-41637
7.1

MELAG FTP Server 2.2.0.4 has weak file permissions that allow any user (including unauthenticated 'Everyone' group) to read the FTP configuration file...

Jun 24, 2022
CVE-2021-45083
7.1

CVE-2021-45083 is a privilege escalation vulnerability in Cobbler where sensitive files containing password hashes and configuration secrets are world...

Feb 20, 2022
CVE-2021-1056
7.1

This vulnerability in NVIDIA GPU Display Driver for Linux allows attackers to bypass file system permissions on GPU devices, potentially leading to de...

Jan 8, 2021
CVE-2025-43887
7.0

Dell PowerProtect Data Manager versions 19.19 and 19.20 on Hyper-V have incorrect default permissions that allow local low-privileged attackers to ele...

Sep 10, 2025
CVE-2024-49724
7.0

This vulnerability allows attackers to bypass Android permission checks through a race condition in AccountManagerService, enabling unauthorized acces...

Jan 21, 2025
CVE-2024-27134
7.0

This vulnerability allows local attackers to escalate privileges on systems running MLflow when the spark_udf() API is called. Attackers can exploit i...

Nov 25, 2024
CVE-2022-33877
7.0

This vulnerability allows a local authenticated attacker to modify files in the FortiClient or FortiConverter installation folder when installed in an...

Jun 13, 2023
CVE-2023-28079
7.0

CVE-2023-28079 is an insecure file and folder permissions vulnerability in Dell PowerPath for Windows that allows non-admin users to escalate privileg...

May 30, 2023
CVE-2022-4568
7.0

A directory permissions vulnerability in Lenovo System Update allows local authenticated users to write arbitrary files to protected directories, pote...

May 1, 2023
CVE-2023-25542
7.0

Dell Trusted Device Agent versions before 5.3.0 have improper installation permissions that allow an unauthenticated local attacker to escalate privil...

Apr 6, 2023
CVE-2026-21423
6.7

Dell PowerScale OneFS has an incorrect default permissions vulnerability that allows high-privileged local attackers to execute arbitrary code, cause ...

Mar 4, 2026
CVE-2026-0705
6.7

This vulnerability allows local attackers to escalate privileges on Windows systems running vulnerable versions of Acronis Cloud Manager. Attackers ca...

Jan 27, 2026
CVE-2025-31940
6.7

This vulnerability in Intel Thread Director Visualizer software allows local authenticated attackers to escalate privileges through incorrect default ...

Nov 11, 2025
CVE-2025-30518
6.7

This vulnerability in Intel PresentMon before version 2.3.1 involves incorrect default permissions that could allow local authenticated attackers to e...

Nov 11, 2025
CVE-2025-27246
6.7

The Intel Processor Identification Utility before version 8.0.43 has incorrect default permissions that could allow a local authenticated attacker to ...

Nov 11, 2025
CVE-2025-27711
6.7

This vulnerability in Intel One Boot Flash Update software allows local authenticated users to escalate privileges through incorrect default permissio...

Nov 11, 2025
CVE-2025-27559
6.7

This vulnerability in AI Playground software allows authenticated users with local access to escalate privileges due to incorrect default permissions....

Aug 12, 2025
CVE-2025-26470
6.7

This vulnerability in Intel Distribution for Python installers allows authenticated local users to escalate privileges due to incorrect default permis...

Aug 12, 2025

About CWE-276 (CWE-276)

Our database tracks 436 CVEs classified as CWE-276, with 59 rated critical and 283 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.

External reference: View CWE-276 on MITRE CWE →
