ReportizFlow
Filtered by vendor
Subscriptions
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2948 | 2 Redhat, Samba | 3 Enterprise Linux, Rhel Extras, Samba | 2026-04-23 | N/A |
| mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. | ||||
| CVE-2009-1073 | 1 Debian | 2 Debian Linux, Nss-ldap | 2026-04-23 | 5.5 Medium |
| nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | ||||
| CVE-2008-0884 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file. | ||||
| CVE-2007-6033 | 1 Wonderware | 1 Intouch | 2026-04-23 | 8.8 High |
| Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | ||||
| CVE-2009-0141 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | 5.5 Medium |
| XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | ||||
| CVE-2009-3482 | 1 Trustport | 2 Antivirus, Pc Security | 2026-04-23 | 7.8 High |
| TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. | ||||
| CVE-2009-3939 | 7 Avaya, Canonical, Debian and 4 more | 20 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 17 more | 2026-04-23 | 7.1 High |
| The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | ||||
| CVE-2008-0322 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | 7.8 High |
| The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. | ||||
| CVE-2008-4870 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2026-04-23 | N/A |
| dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | ||||
| CVE-2007-5544 | 1 Ibm | 2 Lotus Domino, Lotus Notes | 2026-04-23 | 7.8 High |
| IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | ||||
| CVE-2009-3611 | 2 Fedoraproject, Le-web | 2 Fedora, Backintime | 2026-04-23 | 7.1 High |
| common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. | ||||
| CVE-2009-3897 | 1 Dovecot | 1 Dovecot | 2026-04-23 | 5.5 Medium |
| Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | ||||
| CVE-2009-3489 | 1 Adobe | 1 Photoshop Elements | 2026-04-23 | 7.8 High |
| Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | ||||
| CVE-2008-3789 | 1 Samba | 1 Samba | 2026-04-23 | N/A |
| Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. | ||||
| CVE-2009-0115 | 9 Avaya, Christophe.varoqui, Debian and 6 more | 12 Intuity Audix Lx, Message Networking, Messaging Storage Server and 9 more | 2026-04-23 | 7.8 High |
| The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | ||||
| CVE-2009-3289 | 3 Gnome, Opensuse, Suse | 3 Glib, Opensuse, Suse Linux Enterprise Server | 2026-04-23 | 7.8 High |
| The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | ||||
| CVE-2008-0890 | 1 Redhat | 1 Directory Server | 2026-04-23 | N/A |
| Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | ||||
| CVE-2008-0662 | 1 Checkpoint | 1 Vpn-1 Secureclient | 2026-04-23 | 7.8 High |
| The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. | ||||
| CVE-2026-6386 | 1 Freebsd | 1 Freebsd | 2026-04-23 | 6.2 Medium |
| In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page. The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access. | ||||
| CVE-2026-6842 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2026-04-23 | 2.5 Low |
| A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed. | ||||