Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 8.5 HIGH | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | |||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
| CVE-2017-9327 | 1 Cloudera | 1 Cloudera Manager | 2019-07-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Secret data of processes managed by CM is not secured by file permissions. | |||||
| CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | |||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2019-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2019-04-26 | 9.3 HIGH | 8.1 HIGH |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
| CVE-2016-6715 | 1 Google | 1 Android | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. | |||||
| CVE-2016-6719 | 1 Google | 1 Android | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989. | |||||
| CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-10-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | |||||
| CVE-2015-8300 | 1 Polycom | 1 Btoe Connector | 2018-09-26 | 7.2 HIGH | 7.8 HIGH |
| Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2016-9061 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5299 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2018-06-07 | 3.6 LOW | 4.4 MEDIUM |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2018-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||