Vulnerabilities (CVE)

Filtered by CWE-275
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7842 1 Huawei 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more 2024-11-21 5.5 MEDIUM 7.1 HIGH
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
CVE-2015-7781 1 Zohocorp 1 Manageengine Firewall Analyzer 2024-11-21 5.0 MEDIUM 7.5 HIGH
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2015-5153 1 Pulp Project 1 Pulp 2024-11-21 6.5 MEDIUM 8.8 HIGH
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
CVE-2014-6047 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
CVE-2014-1632 1 Eventum Project 1 Eventum 2024-11-21 9.3 HIGH 8.1 HIGH
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
CVE-2014-1631 1 Eventum Project 1 Eventum 2024-11-21 5.0 MEDIUM 7.5 HIGH
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVE-2013-4201 1 Katello 1 Katello 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
CVE-2013-4040 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2024-11-21 2.1 LOW 5.5 MEDIUM
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.
CVE-2013-3703 1 Opensuse 1 Open Build Service 2024-11-21 4.0 MEDIUM 8.8 HIGH
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
CVE-2012-5628 1 Gofer Project 1 Gofer 2024-11-21 3.6 LOW 4.4 MEDIUM
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries.