| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. |
| Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. |
| LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. |
| In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. |
| Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. |
| Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). |
| The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. |
| The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. |
| Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. |
| KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. |
| An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. |
