Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 2.7 Low |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | ||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2016-9604 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-06 | N/A |
| It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | ||||
| CVE-2016-8657 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-08-06 | N/A |
| It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. | ||||
| CVE-2016-8637 | 1 Dracut Project | 1 Dracut | 2024-08-06 | N/A |
| A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. | ||||
| CVE-2016-7553 | 1 Irssi | 1 Buf.pl | 2024-08-06 | N/A |
| The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. | ||||
| CVE-2016-6662 | 5 Debian, Mariadb, Oracle and 2 more | 13 Debian Linux, Mariadb, Mysql and 10 more | 2024-08-06 | N/A |
| Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. | ||||
| CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2024-08-06 | N/A |
| The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | ||||
| CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-08-06 | N/A |
| Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | ||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-08-06 | N/A |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | ||||
| CVE-2016-5202 | 5 Apple, Google, Linux and 2 more | 5 Macos, Chrome, Linux Kernel and 2 more | 2024-08-06 | 9.1 Critical |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | ||||
| CVE-2016-4984 | 2 Openldap, Redhat | 2 Openldap-servers, Enterprise Linux | 2024-08-06 | N/A |
| /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | ||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2024-08-06 | 3.3 Low |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | ||||
| CVE-2016-4982 | 1 Teether | 1 Authd | 2024-08-06 | N/A |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | ||||
| CVE-2016-4455 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2024-08-06 | 3.3 Low |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | ||||
| CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2024-08-06 | N/A |
| The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2016-3696 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2024-08-06 | N/A |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | ||||
| CVE-2016-3112 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2024-08-05 | N/A |
| client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user. | ||||