Tylko z CVE
Tylko z CWE
Świeża lista CVE
Sprawdź nr. CVE
Sprawdź nr. CWE
W bazie CVE
Po nr. CVE
Po nr. CWE
BarracudaDrive v6.5 Insecure Folder Permissions
BarracudaDrive 6.5 Local Privilege Escalation
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage
Hide.Me VPN Client 1.2.4 - Privilege Escalation
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Zarafa Multiple incorrect default permissions
Eventum 2.3.4 Incorrect Permissions / Code Injection
High-Tech Bridge Secur...
Zavio IP Cameras multiple vulnerabilities
Photodex ProShow Producer 5.0.3310 Privilege Escalation
Inshell Security Advis...
Common Weakness Enumeration (CWE)
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Weak access control permissions in MELAG FTP Server 184.108.40.206 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.
When installed as Windows service MELAG FTP Server 220.127.116.11 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.
Back to Top