Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28739 | 2024-08-08 | 6.7 Medium | ||
| Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2024-08-08 | 7.8 High |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | ||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-08-08 | 5.5 Medium |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | ||||
| CVE-2004-1778 | 1 Skype | 1 Skype | 2024-08-08 | N/A |
| Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | ||||
| CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2024-08-07 | 7.8 High |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | ||||
| CVE-2024-34012 | 1 Acronis | 1 Cloud Manager | 2024-08-07 | 4.4 Medium |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. | ||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-08-07 | 7.5 High |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | ||||
| CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2024-08-07 | N/A |
| plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||||
| CVE-2011-4361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-07 | N/A |
| MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | ||||
| CVE-2011-2859 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | ||||
| CVE-2011-2782 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-08-06 | N/A |
| The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-08-06 | 6.5 Medium |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | ||||
| CVE-2011-1435 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. | ||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-08-06 | 5.5 Medium |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | ||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2024-08-06 | 6.2 Medium |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | ||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-08-06 | 7.5 High |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||||
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 6 Dracut, Fedora, Enterprise Linux and 3 more | 2024-08-06 | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | ||||
| CVE-2012-4434 | 1 Cipherdyne | 1 Fwknop | 2024-08-06 | 8.8 High |
| fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | ||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-06 | 4.3 Medium |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | ||||
| CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2024-08-06 | 8.1 High |
| INSTEON Hub 2242-222 lacks Web and API authentication | ||||