CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | BarracudaDrive v6.5 Insecure Folder Permissions | 04.09.2020 | Bobby Cooke |
| Med. | BarracudaDrive 6.5 Local Privilege Escalation | 11.08.2020 | Bobby Cooke |
| Med. | Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions | 02.07.2017 | Karn Ganeshen |
| Med. | WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage | 07.09.2016 | sh4d0wman |
| Med. | Hide.Me VPN Client 1.2.4 - Privilege Escalation | 08.07.2016 | sh4d0wman |
| Med. | PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference | 06.04.2016 | orwelllabs |
| High | Zarafa Multiple incorrect default permissions | 25.08.2014 | Robert Scheck |
| High | Eventum 2.3.4 Incorrect Permissions / Code Injection | 29.01.2014 | High-Tech Bridge Secur... |
| High | Zavio IP Cameras multiple vulnerabilities | 28.05.2013 | CORE |
| Med. | Photodex ProShow Producer 5.0.3310 Privilege Escalation | 20.03.2013 | Inshell Security Advis... |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2021-10-18 | Medium | CVE-2021-42098 | Vendor: Devolutions; Software: Remote deskt... | An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. |
| | Medium | CVE-2021-42055 | | ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. |
| 2021-10-11 | High | CVE-2021-29005 | Vendor: Rconfig; Software: Rconfig | An insecure permission on the chmod command exists on rConfig server 3.9.6. After installing rConfig, the apache user may execute chmod as root without a password, which may let an attacker with low privilege gain root access on the server. |
| 2021-10-05 | Low | CVE-2021-39886 | Vendor: Gitlab; Software: Gitlab | Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references. |
| 2021-09-29 | Low | CVE-2021-33923 | Vendor: Confluent; Software: Cp-ansible | Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information (private keys, state database). |
| 2021-09-28 | Medium | CVE-2021-36365 | Vendor: Nagios; Software: Nagios xi | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. |
| | Medium | CVE-2021-36363 | Vendor: Nagios; Software: Nagios xi | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. |
| 2021-09-08 | Low | CVE-2021-30750 | Vendor: Apple; Software: Mac os | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. |
| | Low | CVE-2021-1831 | Vendor: Apple; Software: Ipados | The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. |
| | Low | CVE-2021-1832 | Vendor: Apple; Software: Ipad os | Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. |

 

 


Copyright 2021, cxsecurity.com

 
