Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2590 | 2 Freeipa, Redhat | 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. | |||||
CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | |||||
CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.5 MEDIUM | 4.2 MEDIUM |
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | |||||
CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | |||||
CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
CVE-2017-17876 | 1 Iwcnetwork | 1 Shift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||||
CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | |||||
CVE-2017-16887 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. | |||||
CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
CVE-2016-9869 | 1 Emc | 1 Scaleio | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. | |||||
CVE-2016-9061 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | |||||
CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | |||||
CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
CVE-2016-8520 | 1 Eucalyptus | 1 Eucalyptus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. | |||||
CVE-2016-8214 | 1 Emc | 2 Avamar Data Store, Avamar Virtual Edition | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||||
CVE-2016-7988 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. |