Vulmon
666 vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that ...
Zte Zxmp M721 Firmware 5.10.030.006
7.5
CVSSv3
CVE-2021-23567
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers...
Colors.js Project Colors.js 1.4.1
Colors.js Project Colors.js 1.4.44-liberty-2
7.1
CVSSv3
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing its own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for c...
Goreleaser Nfpm
6.1
CVSSv3
CVE-2023-2153
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php of the component POST Parameter ...
Complaint Management System Project Complaint Management System 1.0
6.1
CVSSv3
CVE-2023-1795
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view wi...
Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0
5.5
CVSSv3
CVE-2020-23861
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
Gnu Libredwg 0.10.1
3.3
CVSSv3
CVE-2016-2057
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x prior to 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
Xymon Xymon 4.3.24
Xymon Xymon 4.3.23
Xymon Xymon 4.3.17
Xymon Xymon 4.3.16
Xymon Xymon 4.3.9
Xymon Xymon 4.3.8
Xymon Xymon 4.3.0
Xymon Xymon 4.2.2
Xymon Xymon 4.1.2
Xymon Xymon 4.1.1
Xymon Xymon 4.1.0
Xymon Xymon 4.3.22
Xymon Xymon 4.3.21
Xymon Xymon 4.3.15
Xymon Xymon 4.3.14
Xymon Xymon 4.3.7
Xymon Xymon 4.3.6
Xymon Xymon 4.2.0
Xymon Xymon 4.2
Xymon Xymon 4.3.19
Xymon Xymon 4.3.18
Xymon Xymon 4.3.11
NA
CVE-2024-26891
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping ...
NA
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Ibm Vios 2.2.0.12
Ibm Vios 2.2.0.13
Ibm Vios 2.2.1.9
Ibm Vios 2.2.2.0
Ibm Vios 2.2.1.3
Ibm Vios 2.2.1.4
Ibm Vios 2.2.3.2
Ibm Vios 2.2.3.3
Ibm Vios 2.2.1.0
Ibm Vios 2.2.1.1
Ibm Vios 2.2.2.4
Ibm Vios 2.2.2.5
Ibm Vios 2.2.3.0
Ibm Vios 2.2.0.10
Ibm Vios 2.2.0.11
Ibm Vios 2.2.1.8
Ibm Aix 7.1
Ibm Aix 6.1
NA
CVE-2013-7135
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
Detlef Pilzecker Proc\\ \\