Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5299 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | |||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | |||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
| CVE-2013-4201 | 1 Katello | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | |||||
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | |||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | |||||