Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8520 | 1 Eucalyptus | 1 Eucalyptus | 2018-03-13 | 6.5 MEDIUM | 8.8 HIGH |
| HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. | |||||
| CVE-2017-5809 | 1 Hp | 1 Data Protector | 2018-03-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-16887 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2018-02-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. | |||||
| CVE-2015-7889 | 2 Google, Samsung | 2 Android, Galaxy S6 Edge | 2018-01-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | |||||
| CVE-2017-17876 | 1 Iwcnetwork | 1 Shift | 2018-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||||
| CVE-2017-8153 | 1 Huawei | 1 Vmall | 2017-12-12 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak. | |||||
| CVE-2017-2694 | 1 Huawei | 1 Vmall | 2017-12-11 | 4.3 MEDIUM | 3.3 LOW |
| The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. | |||||
| CVE-2015-7842 | 1 Huawei | 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more | 2017-11-05 | 5.5 MEDIUM | 7.1 HIGH |
| Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | |||||
| CVE-2017-7144 | 1 Apple | 2 Iphone Os, Safari | 2017-10-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. | |||||
| CVE-2017-7145 | 1 Apple | 1 Iphone Os | 2017-10-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data. | |||||
| CVE-2017-7088 | 1 Apple | 1 Iphone Os | 2017-10-26 | 7.1 HIGH | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. | |||||
| CVE-2015-5153 | 1 Pulp Project | 1 Pulp | 2017-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |||||
| CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2017-07-29 | 4.6 MEDIUM | 7.8 HIGH |
| Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | |||||
| CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2017-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | |||||
| CVE-2016-4873 | 1 Cybozu | 1 Office | 2017-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | |||||
| CVE-2015-8223 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. | |||||
| CVE-2017-6513 | 1 Softaculous | 2 Virtualizor, Whmcs Reseller Module | 2017-04-13 | 6.5 MEDIUM | 9.9 CRITICAL |
| The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | |||||
| CVE-2016-2406 | 1 Huawei | 1 Document Security Management | 2017-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. | |||||
| CVE-2016-6648 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2017-03-08 | 2.1 LOW | 4.4 MEDIUM |
| EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. | |||||
| CVE-2016-8214 | 1 Emc | 2 Avamar Data Store, Avamar Virtual Edition | 2017-02-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||||