Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
666 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7135
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
Detlef Pilzecker Proc\\ \\
NA
CVE-2005-0089
The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module,...
Python Python 2.4.0
Python Python
NA
CVE-2001-1409
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
Xfree86 Project Xfree86 X Server 4.1.0.2
5.5
CVSSv3
CVE-2020-23861
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
Gnu Libredwg 0.10.1
NA
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
8.8
CVSSv3
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that ...
Zte Zxmp M721 Firmware 5.10.030.006
7.1
CVSSv3
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for c...
Goreleaser Nfpm
6.1
CVSSv3
CVE-2023-1795
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view wi...
Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0
7.5
CVSSv3
CVE-2021-23567
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers...
Colors.js Project Colors.js 1.4.1
Colors.js Project Colors.js 1.4.44-liberty-2
NA
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Ibm Vios 2.2.0.12
Ibm Vios 2.2.0.13
Ibm Vios 2.2.1.9
Ibm Vios 2.2.2.0
Ibm Vios 2.2.1.3
Ibm Vios 2.2.1.4
Ibm Vios 2.2.3.2
Ibm Vios 2.2.3.3
Ibm Vios 2.2.1.0
Ibm Vios 2.2.1.1
Ibm Vios 2.2.2.4
Ibm Vios 2.2.2.5
Ibm Vios 2.2.3.0
Ibm Vios 2.2.0.10
Ibm Vios 2.2.0.11
Ibm Vios 2.2.1.8
Ibm Aix 7.1
Ibm Aix 6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »