Export limit exceeded: 34576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0201 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2025-04-12 | N/A |
| ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2024-57547 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | 7.5 High |
| Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. | ||||
| CVE-2024-27294 | 1 Danielparks | 1 Dp-golang | 2025-04-11 | 7.3 High |
| dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group | ||||
| CVE-2013-0885 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. | ||||
| CVE-2009-3556 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||||
| CVE-2013-0887 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-11 | N/A |
| The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. | ||||
| CVE-2013-1863 | 1 Samba | 1 Samba | 2025-04-11 | N/A |
| Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | ||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | ||||
| CVE-2010-0299 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-1000 | 1 Kde | 1 Kde Sc | 2025-04-11 | N/A |
| Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | ||||
| CVE-2013-2415 | 2 Oracle, Redhat | 4 Jdk, Jre, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions. | ||||
| CVE-2013-2068 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. | ||||
| CVE-2012-3386 | 2 Gnu, Redhat | 2 Automake, Enterprise Linux | 2025-04-11 | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-2314 | 1 Fedoraproject | 1 Anaconda | 2025-04-11 | N/A |
| The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2012-1717 | 5 Linux, Oracle, Redhat and 2 more | 23 Linux Kernel, Jdk, Jre and 20 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. | ||||
| CVE-2011-4339 | 2 Ipmitool Project, Redhat | 2 Ipmitool, Enterprise Linux | 2025-04-11 | N/A |
| ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. | ||||
| CVE-2011-1586 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. | ||||
| CVE-2011-1018 | 2 Logwatch, Redhat | 2 Logwatch, Enterprise Linux | 2025-04-11 | N/A |
| logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. | ||||
| CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2025-04-11 | N/A |
| The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | ||||
| CVE-2010-1511 | 1 Kde | 2 Kde Sc, Kget | 2025-04-11 | N/A |
| KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | ||||