Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
666 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2013-7135
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
Detlef Pilzecker Proc\\ \\
7.5
CVSSv2
CVE-2005-0089
The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module,...
Python Python 2.4.0
Python Python
3.6
CVSSv2
CVE-2001-1409
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
Xfree86 Project Xfree86 X Server 4.1.0.2
4.3
CVSSv2
CVE-2020-23861
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
Gnu Libredwg 0.10.1
2.1
CVSSv2
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
6.5
CVSSv2
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that ...
Zte Zxmp M721 Firmware 5.10.030.006
NA
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for c...
Goreleaser Nfpm
5
CVSSv2
CVE-2021-23567
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers...
Colors.js Project Colors.js 1.4.1
Colors.js Project Colors.js 1.4.44-liberty-2
NA
CVE-2023-1795
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view wi...
Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0
7.2
CVSSv2
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Ibm Vios 2.2.0.12
Ibm Vios 2.2.0.13
Ibm Vios 2.2.1.9
Ibm Vios 2.2.2.0
Ibm Vios 2.2.1.3
Ibm Vios 2.2.1.4
Ibm Vios 2.2.3.2
Ibm Vios 2.2.3.3
Ibm Vios 2.2.1.0
Ibm Vios 2.2.1.1
Ibm Vios 2.2.2.4
Ibm Vios 2.2.2.5
Ibm Vios 2.2.3.0
Ibm Vios 2.2.0.10
Ibm Vios 2.2.0.11
Ibm Vios 2.2.1.8
Ibm Aix 7.1
Ibm Aix 6.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »