Login Sign Up

CWE-378: CWE-378

17
Total CVEs
1
Critical
10
High
7.2
Avg CVSS

Yearly Trend

2026
3
2025
5
2024
3
2021
5
2020
1

Top Affected Vendors

1 Dell 4
2 Cisco 3
3 Quarkus 2
4 Google 1
5 Netapp 1
6 Siemens 1
7 Oracle 1
8 Suse 1
9 Netscout 1
10 Gradle 1

All CWE-378 CVEs (17)

CVE-2024-39872
9.6

A privilege escalation vulnerability in SINEMA Remote Connect Server allows authenticated attackers with 'Manage firmware updates' role to gain OS-lev...

Jul 9, 2024
CVE-2025-32438
8.8

CVE-2025-32438 is a local privilege escalation vulnerability in make-initrd-ng on NixOS systems. When systemd.shutdownRamfs.enable is enabled (the def...

Apr 15, 2025
CVE-2025-27148
8.8

This vulnerability allows local privilege escalation on Unix-like systems when Gradle builds use vulnerable versions of the native-platform library. A...

Feb 25, 2025
CVE-2021-29428
8.8

This vulnerability allows local privilege escalation on Unix-like systems by exploiting insecure permissions in the system temporary directory. Attack...

Apr 13, 2021
CVE-2025-38747
7.8

Dell SupportAssist OS Recovery versions before 5.5.14.0 create temporary files with insecure permissions, allowing local authenticated attackers to mo...

Aug 6, 2025
CVE-2024-7358
7.8

This critical vulnerability in Getscreen Agent 2.19.6 on Windows allows local attackers to create temporary files with insecure permissions during ins...

Aug 1, 2024
CVE-2021-25314
7.8

CVE-2021-25314 is a local privilege escalation vulnerability in hawk2 component of SUSE Linux Enterprise High Availability. It allows local attackers ...

Apr 14, 2021
CVE-2025-46685
7.5

Dell SupportAssist OS Recovery versions before 5.5.15.1 create temporary files with insecure permissions, allowing local low-privileged attackers to m...

Jan 13, 2026
CVE-2021-1427
7.0

This vulnerability in Cisco AnyConnect Secure Mobility Client for Windows allows authenticated local attackers to hijack DLL or executable files durin...

May 6, 2021
CVE-2021-1429
7.0

This vulnerability allows authenticated local attackers on Windows systems with Cisco AnyConnect Secure Mobility Client to hijack DLL or executable fi...

May 6, 2021
CVE-2021-1496
7.0

This vulnerability allows authenticated local attackers on Windows systems with Cisco AnyConnect Secure Mobility Client to hijack DLL or executable fi...

May 6, 2021
CVE-2025-46684
6.6

Dell SupportAssist OS Recovery versions before 5.5.15.1 create temporary files with insecure permissions, allowing local low-privileged attackers to m...

Jan 13, 2026
CVE-2025-55629
6.5

This vulnerability allows attackers to change other users' passwords on Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell devices by manipulating the use...

Aug 22, 2025
CVE-2025-32979
6.5

This vulnerability in NETSCOUT nGeniusONE allows authenticated users to create arbitrary files on the system. This could lead to various malicious act...

Apr 25, 2025
CVE-2024-52543
6.5

Dell NativeEdge version 2.1.0.0 contains a temporary file creation vulnerability with insecure permissions. A high-privileged attacker with local acce...

Dec 25, 2024
CVE-2026-2817
4.4

CVE-2026-2817 is a local privilege escalation vulnerability in Spring Data Geode where snapshot imports extract archives into predictable, permissive ...

Feb 19, 2026
CVE-2020-8908
3.3

This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowi...

Dec 10, 2020

About CWE-378 (CWE-378)

Our database tracks 17 CVEs classified as CWE-378, with 1 rated critical and 10 rated high severity. The average CVSS score for CWE-378 vulnerabilities is 7.2.

External reference: View CWE-378 on MITRE CWE →

Monitor CWE-378 Vulnerabilities

Get alerted when new CWE-378 CVEs affect your infrastructure.

Start Monitoring Free