ReportizFlow
Filtered by vendor
Subscriptions
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 5.5 Medium |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 5.5 Medium |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | ||||
| CVE-2013-4367 | 2 Linux, Ovirt | 2 Linux Kernel, Ovirt-engine | 2024-11-21 | 7.8 High |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | ||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 5.5 Medium |
| OpenStack nova base images permissions are world readable | ||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 3.3 Low |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | ||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.8 Critical |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | ||||
| CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 2.7 Low |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | ||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2024-11-21 | N/A |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | ||||
| CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | ||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | ||||
| CVE-2011-2515 | 3 Debian, Packagekit Project, Redhat | 3 Debian Linux, Packagekit, Enterprise Linux Server | 2024-11-21 | 5.3 Medium |
| PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | ||||
| CVE-2010-0747 | 2 Debian, Linbit | 2 Debian Linux, Drbd8 | 2024-11-21 | 7.8 High |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | ||||
| CVE-2010-0737 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 8.0 High |
| A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | ||||
| CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-11-21 | 7.5 High |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | ||||
| CVE-2024-47808 | 1 Siemens | 1 Sinec Nms | 2024-11-14 | 8.4 High |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. | ||||
| CVE-2024-47783 | 1 Siemens | 2 Siport, Siport Mp | 2024-11-14 | 7.8 High |
| A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | ||||
| CVE-2024-10228 | 1 Hashicorp | 1 Vagrant Vmware Utility | 2024-11-07 | 3.8 Low |
| The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 | ||||
| CVE-2024-45164 | 1 Akamai | 1 Secure Internet Access Enterprise Threatavert | 2024-11-06 | 4.3 Medium |
| Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement. | ||||
| CVE-2024-46897 | 1 Exceedone | 1 Exment | 2024-10-22 | 3.8 Low |
| Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table. | ||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | 6.5 Medium |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||