Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5068

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-05 Nov, 2019 | 21:11
Updated At-04 Aug, 2024 | 19:47
Rejected At-
Credits

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:05 Nov, 2019 | 21:11
Updated At:04 Aug, 2024 | 19:47
Rejected At:
▼CVE Numbering Authority (CNA)

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

Affected Products
Vendor
n/a
Product
Mesa 3D X11 Graphics library
Versions
Affected
  • 19.1.2
Problem Types
TypeCWE IDDescription
CWECWE-277CWE-277: Insecure Inherited Permissions
Type: CWE
CWE ID: CWE-277
Description: CWE-277: Insecure Inherited Permissions
Metrics
VersionBase scoreBase severityVector
3.05.1MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
mailing-list
x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
vendor-advisory
x_refsource_SUSE
https://usn.ubuntu.com/4271-1/
vendor-advisory
x_refsource_UBUNTU
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
x_refsource_MISC
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
x_refsource_MISC
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://usn.ubuntu.com/4271-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
Resource:
x_refsource_MISC
Hyperlink: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
Resource:
x_refsource_MISC
Hyperlink: https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
mailing-list
x_refsource_MLIST
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://usn.ubuntu.com/4271-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
x_refsource_MISC
x_transferred
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
x_refsource_MISC
x_transferred
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://usn.ubuntu.com/4271-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:05 Nov, 2019 | 22:15
Updated At:21 Jun, 2022 | 19:23

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Secondary3.05.1MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N
CPE Matches

mesa3d
mesa3d
>>mesa>>19.1.2
cpe:2.3:a:mesa3d:mesa:19.1.2:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-277Secondarytalos-cna@cisco.com
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-277
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.htmltalos-cna@cisco.com
Mailing List
Third Party Advisory
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdctalos-cna@cisco.com
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.htmltalos-cna@cisco.com
Mailing List
Third Party Advisory
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.htmltalos-cna@cisco.com
Mailing List
Patch
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857talos-cna@cisco.com
Exploit
Third Party Advisory
https://usn.ubuntu.com/4271-1/talos-cna@cisco.com
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
Source: talos-cna@cisco.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
Source: talos-cna@cisco.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
Source: talos-cna@cisco.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
Source: talos-cna@cisco.com
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4271-1/
Source: talos-cna@cisco.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

97Records found

CVE-2025-6297
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.75%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 16:16
Updated-19 Aug, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dpkg-deb: Fix cleanup for control member with restricted directories

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.

Action-Not Available
Vendor-Debian GNU/Linux
Product-dpkgdpkg
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-6057
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-6040
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.67%
||
7 Day CHG-0.02%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18495
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.90%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18654
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.25%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 00:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-crossroadsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18349
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.66%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18352
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 72.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-14662
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Action-Not Available
Vendor-[UNKNOWN]Canonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-ceph_storageubuntu_linuxenterprise_linux_serverdebian_linuxcephleapceph
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-46338
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.72%
||
7 Day CHG+0.04%
Published-30 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.

Action-Not Available
Vendor-g810-led_projectn/aDebian GNU/Linux
Product-debian_linuxg810-ledn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2016-4983
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 35.10%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 21:45
Updated-06 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Action-Not Available
Vendor-Red Hat, Inc.openSUSEFedora ProjectDovecot
Product-opensuseenterprise_linuxdovecotleapdovecot22
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-28169
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-1.62% / 81.05%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 14:36
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-td-agent-builder_projectn/aDebian GNU/LinuxMicrosoft Corporation
Product-windowsdebian_linuxtd-agent-buildern/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2009-0115
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Action-Not Available
Vendor-christophe.varoquin/aopenSUSESUSEFedora ProjectJuniper Networks, Inc.Debian GNU/LinuxAvaya LLCNovell
Product-linux_enterprise_serverdebian_linuxmultipath-toolsmessage_networkingopensusemessaging_storage_serverfedoraopen_enterprise_serverlinux_enterprise_desktopintuity_audix_lxctpviewn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12396
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 71.46%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1053
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 16.41%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxcloudformsdebian_linuxpostgresqlpostgresql
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1000132
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 49.09%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 13:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Action-Not Available
Vendor-mercurialn/aDebian GNU/Linux
Product-mercurialdebian_linuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-26932
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.85%
||
7 Day CHG~0.00%
Published-10 Oct, 2020 | 17:57
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)

Action-Not Available
Vendor-sympan/aDebian GNU/Linux
Product-debian_linuxsympan/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2014-1422
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-0.04% / 11.58%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:05
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Location service uses cached authorization even after revocation

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.

Action-Not Available
Vendor-Canonical Ltd.
Product-trust-store_\(ubuntu\)trust-store_\(ubuntu_rtm\)trust-store (Ubuntu)trust-store (Ubuntu RTM)
CWE ID-CWE-275
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2013-0885
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-24769
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.11%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default inheritable capabilities for linux container should be empty

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.

Action-Not Available
Vendor-mobyprojectmobyLinux Kernel Organization, IncFedora ProjectThe Linux FoundationDebian GNU/Linux
Product-debian_linuxlinux_kernelmobyfedoraruncmoby
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-45364
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.92%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWikimedia Foundation
Product-debian_linuxmediawikin/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12467
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
delete package via link exploit in open buildservice

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12466
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openbuildservice allowed deleting packages via project links

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1115
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.41% / 60.69%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 19:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Action-Not Available
Vendor-unspecifiedopenSUSEThe PostgreSQL Global Development Group
Product-postgresqlleappostgresql
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-9780
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.22%
||
7 Day CHG~0.00%
Published-21 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.

Action-Not Available
Vendor-flatpakn/aDebian GNU/Linux
Product-debian_linuxflatpakn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2007-5743
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.42%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 21:55
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

Action-Not Available
Vendor-viewvcn/aDebian GNU/Linux
Product-debian_linuxviewvcn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-6928
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.

Action-Not Available
Vendor-Debian GNU/LinuxThe Drupal Association
Product-debian_linuxdrupalDrupal Core
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-17490
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.85%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 07:29
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

Action-Not Available
Vendor-saltstackn/aDebian GNU/Linux
Product-debian_linuxsaltn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-21946
Matching Score-6
Assigner-SUSE
ShareView Details
Matching Score-6
Assigner-SUSE
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 10:05
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
suddoers configuration for cscreen not restrictive enough

A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.

Action-Not Available
Vendor-openSUSE
Product-factorycscreenFactory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-20148
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 17:01
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-logcheckn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-15708
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-9.3||CRITICAL
EPSS-0.13% / 33.74%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 01:40
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

Action-Not Available
Vendor-Canonical Ltd.Ubuntu
Product-ubuntu_linuxlibvirt
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-15250
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.29%
||
7 Day CHG+0.01%
Published-12 Oct, 2020 | 17:55
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in JUnit4

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

Action-Not Available
Vendor-junitjunit-teamThe Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-junit4communications_cloud_native_core_policydebian_linuxplutojunit4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-29074
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.20%
||
7 Day CHG~0.00%
Published-25 Nov, 2020 | 22:06
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

Action-Not Available
Vendor-x11vnc_projectn/aDebian GNU/LinuxFedora Project
Product-x11vncdebian_linuxfedoran/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-10781
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.73%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 00:00
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.

Action-Not Available
Vendor-Linux KernelLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelkernel
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-15906
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-26 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.OpenBSDOracle CorporationNetApp, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_eusclustered_data_ontapopensshenterprise_linux_workstationactive_iq_unified_managersolidfireoncommand_unified_manager_core_packagesteelstore_cloud_integrated_storagedebian_linuxcloud_backupenterprise_linux_serverenterprise_linux_server_auscn1610_firmwarevasa_provider_for_clustered_data_ontapdata_ontap_edgesun_zfs_storage_appliance_kitcn1610virtual_storage_consolehci_management_nodestorage_replication_adapter_for_clustered_data_ontapn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-18285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 06:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

Action-Not Available
Vendor-burp_projectn/aGentoo Foundation, Inc.
Product-burplinuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 20:42
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

Action-Not Available
Vendor-nxplinaron/a
Product-op-teei.mx_6ulli.mx_7dsi.mx6sxi.mx_6i.mx_6soloxi.mx_6ulzn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-4093
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 17.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsspectrum_protectSpectrum Protect
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-27883
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.81%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-25276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.25% / 47.84%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 16:59
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-un/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2009-3611
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.43%
||
7 Day CHG~0.00%
Published-26 Oct, 2009 | 16:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Action-Not Available
Vendor-le-webn/aFedora Project
Product-fedorabackintimen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-20909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 14:31
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-14980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 19:27
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-zenfone_3_maxzenfone_3_max_firmwaren/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-3503
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-19 Dec, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Guest Shell Unauthorized File System Access Vulnerability

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4x1100-6g_integrated_services_routercatalyst_c9407rcatalyst_c9300-48pws-c3650-24td4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_c9200-24pasr_1000-xws-c3850catalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4g111x_integrated_services_routercatalyst_9800-lasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gws-c3650-24psasr1001-hxcatalyst_9800-clws-c3650-48tqcatalyst_c9200l-48p-4gws-c3650-12x48uzws-c3850-48xs1160_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9200l-24pxg-2yws-c3850-24ucatalyst_9800-801109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gws-c3650-48pd1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_c9300-48uxmcatalyst_9800-401101-4p_integrated_services_router1100-4p_integrated_services_routercatalyst_c9500-40xasr_1006ws-c3850-24xsasr1002-hx-wscatalyst_c9200-24tws-c3650-24pdm1101_integrated_services_router1100-4gltegb_integrated_services_router4451_integrated_services_routerws-c3650-48fqmws-c3850-48tcatalyst_c9200l-48p-4xcatalyst_c9410rcatalyst_c9300-24pasr1001-hx-rfws-c3650-24pdws-c3650-48fsws-c3850-48pws-c3850-24pcatalyst_c9300-48u1100-4gltena_integrated_services_router1100_integrated_services_routerws-c3650-8x24uqcatalyst_9800-l-cws-c3650-48tscatalyst_c9300-48tcatalyst_c9500-12qcatalyst_c9500-24qws-c3650-12x48urcatalyst_c9200-48tcatalyst_c9300-24sasr1002-x-rfws-c3650-12x48uqws-c3650-48tdasr_1001asr1002-hx4221_integrated_services_routercatalyst_c9404rws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdasr1002-x-wscatalyst_c9500-32casr_1002-xcatalyst_c9300l-24p-4gws-c3850-12scatalyst_c9500-32qcasr1002-hx-rfws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48fws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48ps1109-2p_integrated_services_routerws-c3850-24tasr_1002catalyst_c9300l-24t-4xcatalyst_9800-l-fws-c3650-24tsasr_1004catalyst_c9200-48p1120_integrated_services_routercatalyst_c9300-48uncatalyst_c9200l-24t-4xasr1001-x-rfws-c3650-48pqcatalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xasr1001-x-wscsr_1000vios_xecatalyst_c9300l-48t-4g1111x-8p_integrated_services_routercatalyst_c9500-48y4c1100-8p_integrated_services_routerws-c3850-24s1109-4p_integrated_services_routercatalyst_c9300-24uxasr_1001-xws-c3850-12xsCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-25111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-31 May, 2025 | 00:00
Updated-16 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.

Action-Not Available
Vendor-django-helpdesk_projectdjango-helpdesk Project
Product-django-helpdeskdjango-helpdesk
CWE ID-CWE-277
Insecure Inherited Permissions
CVE-2023-38640
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 11.77%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-02 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.

Action-Not Available
Vendor-Siemens AG
Product-sicam_pas\/pqsSICAM PAS/PQS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-31540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 16:10
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.

Action-Not Available
Vendor-wowzan/a
Product-streaming_enginen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-11259
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.7||HIGH
EPSS-0.04% / 11.15%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-17 Sep, 2024 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaresd_820asdm632_firmwaremsm8996au_firmwaresdm632mdm9650sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450sdm636mdm9635msd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_412sdm636_firmwaresdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sdm630sd_625sd_210mdm9607sd_820_firmwaresd_800sd_617snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaresdm630_firmwaresd_427sd_430sd_810sd_435_firmwaresdx20_firmwaresd_410_firmwaresd_205sd_810_firmwaresdm660_firmwaresd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found