Total: 66 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2590 | 2 Freeipa, Redhat | 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. | |||||
CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | |||||
CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | |||||
CVE-2016-8520 | 1 Eucalyptus | 1 Eucalyptus | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check an IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. | |||||
CVE-2016-9061 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application which defines a specific signature-level permission used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
CVE-2013-4201 | 1 Katello | 1 Katello | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | |||||
CVE-2017-5809 | 1 Hp | 1 Data Protector | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector versions prior to 8.17 and 9.09 was found. | |||||
CVE-2016-5299 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | |||||
CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Multiple security flaws exist in InvProtectDrv.sys, which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | |||||
CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | |||||
CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
CVE-2016-4924 | 1 Juniper | 1 Junos | 2024-02-04 | 1.7 LOW | 5.5 MEDIUM |
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 | |||||
CVE-2015-8300 | 1 Polycom | 1 Btoe Connector | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | |||||
CVE-2017-16887 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. | |||||
CVE-2015-7781 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | |||||
CVE-2017-2694 | 1 Huawei | 1 Vmall | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
The AlarmService component in HwVmall with software versions earlier than 1.5.2.0 has no control over calling permissions, allowing any third party to call it. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. |