Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1422 | 1 Canonical | 2 Trust-store \(ubuntu\), Trust-store \(ubuntu Rtm\) | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. | |||||
| CVE-2014-10402 | 1 Perl | 1 Dbi | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | |||||
| CVE-2014-10401 | 1 Perl | 1 Dbi | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | |||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | |||||
| CVE-2013-4367 | 2 Linux, Ovirt | 2 Linux Kernel, Ovirt-engine | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | |||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OpenStack nova base images permissions are world readable | |||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | |||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |||||
| CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | |||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | |||||
| CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2011-2515 | 3 Debian, Packagekit Project, Redhat | 3 Debian Linux, Packagekit, Enterprise Linux Server | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | |||||
| CVE-2010-0747 | 2 Debian, Linbit | 2 Debian Linux, Drbd8 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | |||||
| CVE-2010-0737 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | |||||
| CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | |||||
| CVE-2024-47808 | 1 Siemens | 1 Sinec Nms | 2024-11-13 | N/A | 8.4 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. | |||||
| CVE-2024-47783 | 1 Siemens | 1 Siport | 2024-11-13 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | |||||
| CVE-2024-10526 | 2024-11-08 | N/A | N/A | ||
| Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3. | |||||
| CVE-2024-50590 | 2024-11-08 | N/A | 7.8 HIGH | ||
| Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM". | |||||