Total
1220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12466 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 5.5 MEDIUM | 6.5 MEDIUM |
| openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | |||||
| CVE-2018-11792 | 1 Apache | 1 Impala | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database. | |||||
| CVE-2017-9792 | 1 Apache | 1 Impala | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external. | |||||
| CVE-2017-9268 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | |||||
| CVE-2017-5118 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2017-3166 | 1 Apache | 1 Hadoop | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | |||||
| CVE-2017-17867 | 1 Intenogroup | 1 Iopsys | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. | |||||
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | |||||
| CVE-2016-9604 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | 4.4 MEDIUM |
| It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | |||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-11-07 | 7.5 HIGH | 9.1 CRITICAL |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
| CVE-2013-0887 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2023-11-07 | 7.5 HIGH | N/A |
| The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0885 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. | |||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2023-42489 | 1 Busbaer | 1 Eisbaer Scada | 2023-11-01 | N/A | 9.8 CRITICAL |
| EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | |||||
| CVE-2023-46449 | 1 Mayurik | 1 Inventory Management System | 2023-10-30 | N/A | 8.8 HIGH |
| Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | |||||
| CVE-2023-41295 | 1 Huawei | 2 Emui, Harmonyos | 2023-10-26 | N/A | 5.3 MEDIUM |
| Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | |||||
| CVE-2023-40361 | 1 Secudos | 1 Qiata | 2023-10-26 | N/A | 7.8 HIGH |
| SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | |||||
| CVE-2023-44201 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-10-19 | N/A | 5.5 MEDIUM |
| An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. | |||||
| CVE-2023-32724 | 1 Zabbix | 1 Zabbix | 2023-10-17 | N/A | 8.8 HIGH |
| Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | |||||