CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment | 28.04.2019 | Cisco Talos |
| High | aws-cfn-bootstrap Local Code Execution | 04.12.2017 | Harry Sintonen |
| Med. | SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure | 22.08.2016 | Multiple |
| Low | Samsung SNS Provider Application For Android Access Theft | 13.03.2015 | Sadosky |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-11-14 | Low | CVE-2012-1160 | Vendor: Moodle; Software: Moodle | Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php |
| 2019-11-07 | Low | CVE-2007-5743 | Vendor: Viewvc; Software: Viewvc | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. |
|  | Medium | CVE-2019-16877 | Vendor: Portainer; Software: Portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). |
|  | Low | CVE-2019-16874 | Vendor: Portainer; Software: Portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). |
|  | High | CVE-2019-16872 | Vendor: Portainer; Software: Portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). |
| 2019-11-06 | Low | CVE-2019-5642 | Vendor: Rapid7; Software: Metasploit | Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. |
| 2019-11-05 | Low | CVE-2019-5068 | Vendor: Mesa3d; Software: MESA | An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. |
|  | Low | CVE-2016-4983 | Vendor: Dovecot; Software: Dovecot | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. |
| 2019-10-31 | Low | CVE-2019-18645 |  | The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. |
| 2019-10-25 | Medium | CVE-2016-5202 |  | browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. |

 

 


Copyright 2019, cxsecurity.com

 
