Total
1593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5202 | 5 Apple, Google, Linux and 2 more | 5 Macos, Chrome, Linux Kernel and 2 more | 2024-11-21 | 9.1 Critical |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | ||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2024-11-21 | 3.3 Low |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | ||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2024-11-21 | N/A |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | ||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | ||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 2.7 Low |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | ||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | ||||
| CVE-2015-9456 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 6.5 Medium |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | ||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2014-1422 | 1 Canonical | 2 Trust-store \(ubuntu\), Trust-store \(ubuntu Rtm\) | 2024-11-21 | 5 Medium |
| In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. | ||||
| CVE-2014-10402 | 1 Perl | 1 Dbi | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | ||||
| CVE-2014-10401 | 1 Perl | 1 Dbi | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | ||||
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 5.5 Medium |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-11-21 | 5.5 Medium |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | ||||
| CVE-2013-4367 | 2 Linux, Ovirt | 2 Linux Kernel, Ovirt-engine | 2024-11-21 | 7.8 High |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | ||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 5.5 Medium |
| OpenStack nova base images permissions are world readable | ||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 3.3 Low |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | ||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.8 Critical |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | ||||
| CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 2.7 Low |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | ||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2024-11-21 | N/A |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | ||||