Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2.
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.
In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6.
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.