Search Results (1814 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0394 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
CVE-2017-17876 1 Iwcnetwork 1 Shift 2025-04-20 N/A
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVE-2017-5669 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 7.8 High
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.
CVE-2017-12230 1 Cisco 1 Ios Xe 2025-04-20 N/A
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.
CVE-2017-6972 2 Alienvault, Nfsen 3 Ossim, Unified Security Management, Nfsen 2025-04-20 N/A
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
CVE-2017-0847 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
CVE-2017-7145 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
CVE-2017-7088 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account.
CVE-2017-4975 1 Pivotal 1 Pcf Tile Generator 2025-04-20 N/A
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
CVE-2017-14427 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2017-14425 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
CVE-2017-12699 1 Azeotech 1 Daqfactory 2025-04-20 N/A
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.
CVE-2017-11463 1 Ivanti 1 Endpoint Manager 2025-04-20 N/A
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
CVE-2017-14424 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2017-1000089 2 Jenkins, Redhat 2 Pipeline\, Openshift 2025-04-20 N/A
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2017-11156 1 Synology 1 Download Station 2025-04-20 N/A
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
CVE-2017-16522 1 Mitrastar 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more 2025-04-20 N/A
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
CVE-2017-0884 1 Nextcloud 1 Nextcloud Server 2025-04-20 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2015-7889 2 Google, Samsung 2 Android, Galaxy S6 Edge 2025-04-20 N/A
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
CVE-2017-5642 1 Apache 1 Ambari 2025-04-20 N/A
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.