Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2019-10-09 | N/A |
| IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | ||||
| CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2019-10-09 | N/A |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | ||||
| CVE-2017-0883 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | N/A |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2019-10-09 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | ||||
| CVE-2016-9461 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2019-10-09 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. | ||||
| CVE-2016-4924 | 1 Juniper | 1 Junos | 2019-10-09 | N/A |
| An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 | ||||
| CVE-2019-2177 | 1 Google | 1 Android | 2019-09-06 | N/A |
| In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2019-08-13 | N/A |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | ||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | N/A |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | ||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | ||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2019-08-09 | N/A |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | ||||
| CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2019-08-08 | N/A |
| cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | ||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2019-08-08 | N/A |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | ||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2019-08-06 | N/A |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | ||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2019-08-06 | N/A |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | ||||
| CVE-2017-9327 | 1 Cloudera | 1 Cloudera Manager | 2019-07-11 | N/A |
| Secret data of processes managed by CM is not secured by file permissions. | ||||
| CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | N/A |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | ||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2019-04-26 | N/A |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | ||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2019-04-26 | N/A |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | ||||
| CVE-2016-6715 | 1 Google | 1 Android | 2019-03-07 | N/A |
| An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. | ||||