CWE:
 

Risk | Title | Date | Author
Med. | BarracudaDrive v6.5 Insecure Folder Permissions | 04.09.2020 | Bobby Cooke
Med. | BarracudaDrive 6.5 Local Privilege Escalation | 11.08.2020 | Bobby Cooke
Med. | Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions | 02.07.2017 | Karn Ganeshen
Med. | WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage | 07.09.2016 | sh4d0wman
Med. | Hide.Me VPN Client 1.2.4 - Privilege Escalation | 08.07.2016 | sh4d0wman
Med. | PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference | 06.04.2016 | orwelllabs
High | Zarafa Multiple incorrect default permissions | 25.08.2014 | Robert Scheck
High | Eventum 2.3.4 Incorrect Permissions / Code Injection | 29.01.2014 | High-Tech Bridge Secur...
High | Zavio IP Cameras multiple vulnerabilities | 28.05.2013 | CORE
Med. | Photodex ProShow Producer 5.0.3310 Privilege Escalation | 20.03.2013 | Inshell Security Advis...


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-11-22
Waiting for details
CVE-2022-41943

 

 
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.

 
2022-10-19
Waiting for details
CVE-2013-4281

 

 
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

 
2022-09-07
Waiting for details
CVE-2022-31251

 

 
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

 
2022-07-12
Medium
CVE-2022-34737

Vendor: Huawei
Software: Magic ui
 

 
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

 
Low
CVE-2022-30753

Vendor: Google
Software: Android
 

 
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

 
Low
CVE-2022-30758

Vendor: Google
Software: Android
 

 
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with the privilege of Finder.

 
2022-07-07
Medium
CVE-2022-32207

Vendor: HAXX
Software: CURL
 

 
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

 
Medium
CVE-2022-33996

Vendor: Devolutions
Software: Devolutions ...
 

 
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.

 
2022-06-24
High
CVE-2021-41635

 

 
When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.

 
Low
CVE-2021-41637

Vendor: Melag
Software: Ftp server
 

 
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.

 

 


Copyright 2023, cxsecurity.com

 
