7310 matches found
CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...
CVE-2020-8731
Incorrect execution-assigned permissions in the file system for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access...
Cisco NX-OS Software Privilege Escalation Vulnerability
According to its self-reported version, Cisco NX-OS Software is affected by following vulnerability - A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to...
OPENSUSE-SU-2019:1849-1 Security update for chromium
This update for chromium to version 76.0.3809.87 fixes the following issues: - CVE-2019-5850: Use-after-free in offline page fetcher boo1143492 - CVE-2019-5860: Use-after-free in PDFium boo1143492 - CVE-2019-5853: Memory corruption in regexp length check boo1143492 - CVE-2019-5851: Use-after-pois...
USN-3968-1: Sudo vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and...
CVE-2019-1602
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
Input validation
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
CVE-2019-1602
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
CVE-2019-1602 Cisco NX-OS Software Privilege Escalation Vulnerability
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
CVE-2019-1602 Cisco NX-OS Software Privilege Escalation Vulnerability
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
CVE-2019-1602
CVE-2019-1602 affects Cisco NX-OS Software where improper filesystem permissions grant authenticated local attackers the ability to access sensitive data and escalate to administrator privileges. Affected products include Nexus 3000, Nexus 3500, Nexus 3600 platforms, NX-OS on Nexus 9000 Series St...
CVE-2019-1601
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...
Authentication flaw
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...
CVE-2019-1601
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...
CVE-2019-1601 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...
CVE-2019-1601
Cisco NX-OS Software Unauthorized Filesystem Access (CVE-2019-1601) allows an authenticated, local attacker to read/write a restricted configuration file, enabling bypass of authentication and login as any user. Affected devices include MDS 9000 Series, Nexus 3000/3500/3600, Nexus 2000/5500/5600/...
Cisco NX-OS Software Privilege Escalation Vulnerability
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...
nginx <= 1.3.13 Insecure Log Permissions
According to its Server response header, the installed version of nginx is prior to or equal to 1.3.13. It is, therefore, affected by a flaw related to creating and handling log files that allows information disclosure due to insecure filesystem permissions. %NASLMINLEVEL 70300 C Tenable Network...
Fedora 27 : composer (2018-9d1ff4b802)
Version 1.6.4 - 2018-04-13 - Security fixes in some edge case scenarios, recommended update for all users - Fixed regression in version guessing of path repositories - Fixed removing aliased packages from the repository, which might resolve some odd update bugs - Fixed updating of package URLs fo...
CVE-2018-5340
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account specifically, an account with permission to write to the filesystem via SQL queries...