Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1762 1 Wordpress 1 Wordpress 2024-11-21 6.5 Medium
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
CVE-2011-1435 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.
CVE-2010-5108 2 Debian, Edgewall 2 Debian Linux, Trac 2024-11-21 7.5 High
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVE-2010-4176 3 Dracut Project, Fedoraproject, Udev Project 3 Dracut, Fedora, Udev 2024-11-21 N/A
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
CVE-2005-1941 1 Silvercity Project 1 Silvercity 2024-11-21 7.8 High
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
CVE-2004-1778 1 Skype 1 Skype 2024-11-21 N/A
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.
CVE-2002-1844 2 Microsoft, Oracle 2 Windows Media Player, Solaris 2024-11-21 7.8 High
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
CVE-2002-1713 1 Mandrakesoft 1 Mandrake Linux 2024-11-21 5.5 Medium
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
CVE-2001-0497 1 Isc 1 Bind 2024-11-21 7.8 High
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
CVE-1999-0426 1 Suse 1 Suse Linux 2024-11-21 9.8 Critical
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
CVE-2024-48293 1 Quickheal Antivirus Pro 1 Quickheal Antivirus Pro 2024-11-20 6.5 Medium
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings.
CVE-2024-48292 2 Quickheal Antivirus Pro, Quickheal Total Security 2 Quickheal Antivirus Pro, Quickheal Total Security 2024-11-20 8.8 High
An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges.
CVE-2024-51051 1 Avscms 1 Avscms 2024-11-20 9.8 Critical
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
CVE-2024-51765 1 Hpe 1 Cray System Management Software 2024-11-19 5.5 Medium
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-51764 1 Hpe 1 Sgi Cxfs 2024-11-19 5.5 Medium
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-44760 1 Sunmochina 1 Enterprise Management System 2024-11-15 9.1 Critical
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
CVE-2024-5474 1 Lenovo 2 Dolby Vision Provisioning, Dolby Vision Provisioning Software 2024-11-15 5.5 Medium
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
CVE-2024-52551 1 Jenkins Project 1 Jenkins Pipeline Declaratrive Plugin 2024-11-15 8 High
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.
CVE-2024-21820 1 Intel 4 3rd Generation Intel Xeon Scalable Processor Family, 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family and 1 more 2024-11-15 7.2 High
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-25647 1 Intel Binary Configuration Tool Software For Windows 1 Intel Binary Configuration Tool Software For Windows 2024-11-15 6.7 Medium
Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.