Total
1514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4982 | 1 Teether | 1 Authd | 2025-04-20 | N/A |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | ||||
| CVE-2016-4984 | 2 Openldap, Redhat | 2 Openldap-servers, Enterprise Linux | 2025-04-20 | N/A |
| /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | ||||
| CVE-2017-2115 | 1 Cybozu | 1 Office | 2025-04-20 | N/A |
| Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | ||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-20 | N/A |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | ||||
| CVE-2017-0883 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | ||||
| CVE-2017-7307 | 1 Riverbed | 1 Rios | 2025-04-20 | N/A |
| Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | ||||
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2025-04-20 | N/A |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | ||||
| CVE-2017-1000096 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
| CVE-2017-11422 | 1 Statamic | 1 Statamic | 2025-04-20 | 8.8 High |
| Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | ||||
| CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2017-5118 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 4.3 Medium |
| Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | ||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | N/A |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | ||||
| CVE-2017-8109 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). | ||||
| CVE-2017-8158 | 1 Huawei | 1 Fusioncompute | 2025-04-20 | N/A |
| FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | ||||
| CVE-2015-5284 | 1 Freeipa | 1 Freeipa | 2025-04-20 | N/A |
| ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | ||||