| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. |
| In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. |
| An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. |
| OpenStack nova base images permissions are world readable |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
| PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. |
| A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. |
