Search Results (112 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0742 2 Linux, Netapp 27 Linux Kernel, A400, A400 Firmware and 24 more 2025-04-21 9.1 Critical
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
CVE-2022-0343 1 Google 1 Perfetto 2025-04-21 3.3 Low
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
CVE-2015-7781 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 N/A
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
CVE-2016-0394 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
CVE-2017-17876 1 Iwcnetwork 1 Shift 2025-04-20 N/A
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVE-2016-4924 1 Juniper 1 Junos 2025-04-20 N/A
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8
CVE-2017-2694 1 Huawei 1 Vmall 2025-04-20 N/A
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
CVE-2016-9869 1 Emc 1 Scaleio 2025-04-20 N/A
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.
CVE-2015-7889 2 Google, Samsung 2 Android, Galaxy S6 Edge 2025-04-20 N/A
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
CVE-2016-3022 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 6.5 Medium
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
CVE-2016-6648 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2025-04-20 N/A
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
CVE-2017-11463 1 Ivanti 1 Endpoint Manager 2025-04-20 N/A
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
CVE-2015-5153 1 Pulp Project 1 Pulp 2025-04-20 N/A
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
CVE-2015-7842 1 Huawei 20 Ch121 V3, Ch121 V3 Firmware, Ch220 V3 and 17 more 2025-04-20 N/A
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
CVE-2015-8300 1 Polycom 1 Btoe Connector 2025-04-20 N/A
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
CVE-2016-7553 1 Irssi 1 Buf.pl 2025-04-20 N/A
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
CVE-2016-4873 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVE-2016-8214 1 Emc 2 Avamar Data Store, Avamar Virtual Edition 2025-04-20 N/A
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
CVE-2016-4288 1 Bluestacks 1 Bluestacks 2025-04-20 N/A
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
CVE-2017-0883 1 Nextcloud 1 Nextcloud Server 2025-04-20 N/A
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.