Vulnerabilities (CVE)

Filtered by CWE-275
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39399 1 Huawei 2 Emui, Harmonyos 2024-10-09 N/A 9.1 CRITICAL
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39398 1 Huawei 2 Emui, Harmonyos 2024-10-09 N/A 9.1 CRITICAL
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-6302 1 Cskaza 1 Cszcms 2024-08-29 5.8 MEDIUM 7.2 HIGH
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3118 2024-05-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6762 1 Thecosy 1 Icecms 2024-05-17 5.5 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.
CVE-2023-5263 1 Zzzcms 1 Zzzcms 2024-05-17 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.
CVE-2023-3759 1 Intergard 1 Smartgard Silver With Matrix Keyboard 2024-05-17 6.5 MEDIUM 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2019-11145 1 Intel 1 Driver \& Support Assistant 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2016-10846 1 Cpanel 1 Cpanel 2024-02-28 8.5 HIGH 8.1 HIGH
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
CVE-2017-18427 1 Cpanel 1 Cpanel 2024-02-28 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
CVE-2017-18397 1 Cpanel 1 Cpanel 2024-02-28 2.1 LOW 3.3 LOW
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVE-2019-2177 1 Google 1 Android 2024-02-28 6.8 MEDIUM 8.8 HIGH
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2017-18390 1 Cpanel 1 Cpanel 2024-02-28 7.2 HIGH 7.8 HIGH
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVE-2016-10818 1 Cpanel 1 Cpanel 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
CVE-2017-18425 1 Cpanel 1 Cpanel 2024-02-28 1.9 LOW 2.5 LOW
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
CVE-2017-18422 1 Cpanel 1 Cpanel 2024-02-28 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
CVE-2019-11146 1 Intel 1 Driver \& Support Assistant 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2017-17060 1 Open-xchange 1 Open-xchange Appsuite 2024-02-28 7.5 HIGH 9.8 CRITICAL
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
CVE-2016-10796 1 Cpanel 1 Cpanel 2024-02-28 2.1 LOW 3.3 LOW
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
CVE-2017-9327 1 Cloudera 1 Cloudera Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Secret data of processes managed by CM is not secured by file permissions.