Check CVE Id
Check CWE Id
BarracudaDrive v6.5 Insecure Folder Permissions
BarracudaDrive 6.5 Local Privilege Escalation
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage
Hide.Me VPN Client 1.2.4 - Privilege Escalation
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Zarafa Multiple incorrect default permissions
Eventum 2.3.4 Incorrect Permissions / Code Injection
High-Tech Bridge Secur...
Zavio IP Cameras multiple vulnerabilities
Photodex ProShow Producer 5.0.3310 Privilege Escalation
Inshell Security Advis...
CVEMAP Search Results
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V18.104.22.168B2.0000, V22.214.171.124B3.0000E
Ssd data cen...
Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.
Guild wars 2
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
jitsi-meet-prosody in Jitsi Meet before 5026 does not ensure that restrict_room_creation is set by default.
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.
True image 2020
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe.
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
Back to Top