Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0449 | 1 Cisco | 1 Jabber | 2024-09-16 | 4.2 Medium |
| A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. | ||||
| CVE-2022-22251 | 1 Juniper | 2 Csrx, Junos | 2024-09-16 | 7.8 High |
| On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. | ||||
| CVE-2023-6302 | 1 Cskaza | 1 Cszcms | 2024-08-29 | 4.7 Medium |
| A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-08-06 | N/A |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | ||||
| CVE-2013-4201 | 2 Katello, Redhat | 3 Katello, Satellite, Satellite Capsule | 2024-08-06 | N/A |
| Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||||
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-08-06 | N/A |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | ||||
| CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-06 | N/A |
| phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | ||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-08-06 | N/A |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | ||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-08-06 | N/A |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | ||||
| CVE-2015-8300 | 1 Polycom | 1 Btoe Connector | 2024-08-06 | N/A |
| Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2015-8223 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2024-08-06 | N/A |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. | ||||
| CVE-2015-7889 | 2 Google, Samsung | 2 Android, Galaxy S6 Edge | 2024-08-06 | N/A |
| The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | ||||
| CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-08-06 | N/A |
| ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | ||||
| CVE-2015-7842 | 1 Huawei | 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more | 2024-08-06 | N/A |
| Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | ||||
| CVE-2015-5153 | 1 Pulp Project | 1 Pulp | 2024-08-06 | N/A |
| Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | ||||
| CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | ||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | ||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | ||||
| CVE-2016-9869 | 1 Emc | 1 Scaleio | 2024-08-06 | N/A |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. | ||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | ||||