Filtered by CWE-275
Total 95 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-18422 1 Cpanel 1 Cpanel 2024-08-05 N/A
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
CVE-2017-18425 1 Cpanel 1 Cpanel 2024-08-05 N/A
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
CVE-2017-18390 1 Cpanel 1 Cpanel 2024-08-05 N/A
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVE-2017-18397 1 Cpanel 1 Cpanel 2024-08-05 N/A
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVE-2017-17876 1 Iwcnetwork 1 Shift 2024-08-05 N/A
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVE-2017-17060 1 Open-xchange 1 Open-xchange Appsuite 2024-08-05 N/A
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
CVE-2017-16887 1 Fiberhome 2 Lm53q1, Lm53q1 Firmware 2024-08-05 N/A
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
CVE-2017-11463 1 Ivanti 1 Endpoint Manager 2024-08-05 N/A
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
CVE-2017-9327 1 Cloudera 1 Cloudera Manager 2024-08-05 N/A
Secret data of processes managed by CM is not secured by file permissions.
CVE-2017-7145 1 Apple 1 Iphone Os 2024-08-05 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
CVE-2017-7144 1 Apple 2 Iphone Os, Safari 2024-08-05 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
CVE-2017-7088 1 Apple 1 Iphone Os 2024-08-05 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account.
CVE-2017-6513 1 Softaculous 2 Virtualizor, Whmcs Reseller Module 2024-08-05 N/A
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
CVE-2017-2590 2 Freeipa, Redhat 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-08-05 N/A
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
CVE-2017-0884 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2017-0883 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2018-0392 1 Cisco 6 Mobility Services Engine 3310, Mobility Services Engine 3310 Firmware, Mobility Services Engine 3355 and 3 more 2024-08-05 N/A
A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.
CVE-2019-11146 1 Intel 1 Driver & Support Assistant 2024-08-04 N/A
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11145 1 Intel 1 Driver & Support Assistant 2024-08-04 7.8 High
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-2177 1 Google 1 Android 2024-08-04 N/A
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.