Lucene search
K

69 matches found

CVE
CVE
added 2020/05/14 4:16 p.m.47 views

CVE-2019-13021

Bond JetSelect (all versions) stores administrator passwords in an unprotected filesystem file ( /opt/JetSelect/SFC/resources/sfc-general-properties ), instead of encrypting them in the database. The passwords are created via ENCtool.jar during installation and backed up by the installer, enablin...

6.5CVSS7.8AI score0.00603EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/12/20 2:15 p.m.7 views

CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation...

7.8CVSS7AI score0.00409EPSS
Exploits0References10
NVD
NVD
added 2019/12/16 8:15 p.m.13 views

CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8CVSS7.7AI score0.01505EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2018/10/30 12:5 p.m.5 views

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

7.8CVSS6.7AI score0.0101EPSS
Exploits2References4
CVE
CVE
added 2018/06/07 2:0 a.m.63 views

CVE-2017-16130

CVE-2017-16130 affects the exxxxxxxxxxx JavaScript package (described as an Http eX Frame Google Style Guide). The vulnerability is a directory traversal issue: by placing "../" in the URL, an attacker can access files on the filesystem. Accessible files are limited to those with a file extension...

7.5CVSS7.4AI score0.02005EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/02/15 7:0 p.m.114 views

CVE-2018-7169

CVE-2018-7169 affects shadow-tools: shadow 4.5 (shadow-utils) contains a setuid newgidmap that can place an unprivileged user in a user namespace where setgroups(2) is allowed. This enables the user to remove themselves from a supplementary group, potentially bypassing group-based access restrict...

5.3CVSS5.1AI score0.01596EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/02/01 5:0 p.m.56 views

CVE-2014-3519

The CVE-2014-3519 details: OpenVZ modification for the Linux kernel 2.6.32, before 042stab090.5, with simfs, exposes open_by_handle_at in vzkernel to local container users with CAP_DAC_READ_SEARCH, bypassing container protections and enabling access to arbitrary files via file_handle-related vect...

6.5CVSS6.2AI score0.00443EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2017/12/14 12:0 a.m.50 views

Zivif Web Cameras Multiple Vulnerabilities

Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request CVE-2017-17106 http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this...

0.5AI score0.84558EPSS
Exploits10
hackapp
hackapp
added 2016/09/01 4:45 p.m.16 views

Deniz Kabuğu - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Deniz Kabuğu published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:24 a.m.12 views

Jelly Jamm 2 - Videos for Kids - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Jelly Jamm 2 - Videos for Kids published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:18 a.m.9 views

Spring Garden’s Care - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Spring Garden’s Care published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:17 a.m.14 views

Princess Castle Cleanup - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Princess Castle Cleanup published at the 'play' market has multiple vulnerabilities...

0.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:8 a.m.21 views

Ninja Rush - Dangerous filesystem permissions, GPL license, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Ninja Rush published at the 'play' market has multiple vulnerabilities...

0.6AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:59 a.m.9 views

Can You Escape - Dangerous filesystem permissions, Insecure KeyStore, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Can You Escape published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:48 a.m.8 views

Face Changer - Photo Editor - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Face Changer - Photo Editor published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:45 a.m.13 views

Tap the Frog Faster - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Tap the Frog Faster published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:37 a.m.11 views

WEB.DE Mail - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application WEB.DE Mail published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:23 a.m.11 views

billiger.de Preisvergleich - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application billiger.de Preisvergleich published at the 'play' market has multiple vulnerabilities...

0.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 8:57 a.m.10 views

Learn English By Conversation - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Learn English By Conversation published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
CVE
CVE
added 2015/08/31 10:0 a.m.114 views

CVE-2014-9729

CVE-2014-9729 affects the Linux kernel’s UDF filesystem implementation (fs/udf/inode.c: udf_read_inode). The issue is the function’s failure to ensure data-structure size consistency, enabling a local attacker to crash the system via a crafted UDF image. The vulnerability exists in kernel version...

4.9CVSS5.3AI score0.00406EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder