Total
66 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | |||||
CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | |||||
CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2023-12-10 | 3.6 LOW | 5.5 MEDIUM |
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | |||||
CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Multiple security flaws exist in InvProtectDrv.sys, which is part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | |||||
CVE-2016-8520 | 1 Eucalyptus | 1 Eucalyptus | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM users' permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. | |||||
CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | |||||
CVE-2017-5809 | 1 Hp | 1 Data Protector | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
A remote arbitrary code execution vulnerability was found in HPE Data Protector versions prior to 8.17 and 9.09. | |||||
CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
CVE-2013-4201 | 1 Katello | 1 Katello | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | |||||
CVE-2016-5299 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | |||||
CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
CVE-2016-9061 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application which defines specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2017-16887 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. | |||||
CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
CVE-2017-2694 | 1 Huawei | 1 Vmall | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The AlarmService component in HwVmall with software versions earlier than 1.5.2.0 has no control over calling permissions, allowing any third party to call it. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. | |||||
CVE-2017-7088 | 1 Apple | 1 Iphone Os | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. | |||||
CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | |||||
CVE-2015-7842 | 1 Huawei | 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH |
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. |