ReportizFlow
Filtered by vendor
Subscriptions
Total
1406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 2.7 Low |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | ||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-11-21 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2016-0823 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | N/A |
| The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | ||||
| CVE-2015-9456 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 6.5 Medium |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | ||||
| CVE-2015-8842 | 1 Opensuse | 1 Opensuse | 2024-11-21 | N/A |
| tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-8660 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | 6.7 Medium |
| The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | ||||
| CVE-2015-7613 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | ||||
| CVE-2015-5284 | 1 Freeipa | 1 Freeipa | 2024-11-21 | N/A |
| ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | ||||
| CVE-2015-4053 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2024-11-21 | N/A |
| The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2024-11-21 | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | ||||
| CVE-2015-3243 | 1 Rsyslog | 1 Rsyslog | 2024-11-21 | N/A |
| rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | ||||
| CVE-2015-3201 | 1 Redhat | 2 Rhel Software Collections, Thermostat | 2024-11-21 | N/A |
| Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | ||||
| CVE-2015-3171 | 1 Sos Project | 1 Sos | 2024-11-21 | 5.5 Medium |
| sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | ||||
| CVE-2015-3010 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2024-11-21 | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2015-0237 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | ||||
| CVE-2014-9770 | 1 Opensuse | 1 Opensuse | 2024-11-21 | N/A |
| tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||