Total
1414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4455 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2024-11-21 | 3.3 Low |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | ||||
| CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2024-11-21 | N/A |
| The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2016-3696 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2024-11-21 | N/A |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | ||||
| CVE-2016-3112 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2024-11-21 | N/A |
| client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user. | ||||
| CVE-2016-3107 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2024-11-21 | N/A |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | ||||
| CVE-2016-2142 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2024-11-21 | N/A |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | ||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2024-11-21 | N/A |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | ||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | ||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 2.7 Low |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | ||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-11-21 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2016-0823 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | N/A |
| The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | ||||
| CVE-2015-9456 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 6.5 Medium |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | ||||
| CVE-2015-8842 | 1 Opensuse | 1 Opensuse | 2024-11-21 | N/A |
| tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-8660 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | 6.7 Medium |
| The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | ||||
| CVE-2015-7613 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | ||||
| CVE-2015-5284 | 1 Freeipa | 1 Freeipa | 2024-11-21 | N/A |
| ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | ||||
| CVE-2015-4053 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2024-11-21 | N/A |
| The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||