CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2198 matches found

RedHat Linux•added 2017/12/13 5:48 p.m.•2 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

5.5CVSS7.3AI score0.00376EPSS

Exploits0References4

RedHat Linux•added 2017/12/13 5:31 p.m.•0 views

EAP-7: Wrong privileges on multiple property files

5.5CVSS7.3AI score0.00376EPSS

Exploits0References4

OSV•added 2017/12/12 8:29 p.m.•0 views

UBUNTU-CVE-2017-12155

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

6.3CVSS6.7AI score0.00285EPSS

Exploits0References2

Veracode•added 2017/11/14 6:35 a.m.•3 views

Unauthorized Access

Apache Hadoop Mapreduce is vulnerable to unauthorized access. If a file with world-readable access permissions is localized through YARN's localization mechanism, the file will be stored in a world-readable location that can then be accessed by a malicious user...

7.8CVSS6.3AI score0.00347EPSS

Exploits0References4Affected Software1

Prion•added 2017/11/13 2:29 p.m.•15 views

Design/Logic Flaw

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

4.6CVSS7.5AI score0.00347EPSS

Exploits0References2Affected Software1

NVD•added 2017/11/13 2:29 p.m.•14 views

CVE-2017-3166

7.8CVSS8AI score0.00347EPSS

Exploits0References2

UbuntuCve•added 2017/10/31 8:29 p.m.•23 views

CVE-2017-1000383

GNU Emacs version 25.3.1 and other versions most likely ignores umask when creating a backup save file "ORIGINALFILENAME" resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary...

5.5CVSS6.4AI score0.00407EPSS

Exploits0References3

OSV•added 2017/10/31 8:29 p.m.•4 views

UBUNTU-CVE-2017-1000383

5.5CVSS6.3AI score0.00407EPSS

Exploits0References4

OSV•added 2017/10/31 8:29 p.m.•1 views

DEBIAN-CVE-2017-1000382

VIM version 8.0.1187 and other versions most likely ignores umask when creating a swap file "ORIGINALFILENAME.swp" resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary...

5.5CVSS6.9AI score0.00381EPSS

Exploits0References1

NVD•added 2017/10/31 8:29 p.m.•16 views

CVE-2017-1000383

5.5CVSS6.8AI score0.00407EPSS

Exploits0References2

NVD•added 2017/10/31 8:29 p.m.•21 views

CVE-2017-1000382

5.5CVSS5.6AI score0.00381EPSS

Exploits0References2

Cvelist•added 2017/10/31 8:0 p.m.•29 views

CVE-2017-1000382

5.6AI score0.00381EPSS

Exploits0References2

Veracode•added 2017/10/27 1:17 a.m.•18 views

Sensitive Information Leakage

Mosquitto is vulnerable to sensitive information leakage. The leakage is due to keeping the mosquitto.db aka the persistence file as world readable. Therefore, local users can access sensitive MQTT topic information...

5.5CVSS6.2AI score0.00361EPSS

Exploits0References2Affected Software1

NVD•added 2017/10/18 3:29 p.m.•9 views

CVE-2015-3400

sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files...

4.3CVSS4.3AI score0.01645EPSS

Exploits0References5

Cvelist•added 2017/10/18 3:0 p.m.•11 views

CVE-2015-3400

4.3AI score0.01645EPSS

Exploits0References5