Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.
there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202312327
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
Some Huawei wearables have a permission management vulnerability.
Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.