CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CVE-2018-11453 (GCVE-0-2018-11453)
Vulnerability from cvelistv5 – Published: 2018-08-07 15:00 – Updated: 2024-09-16 17:42
VLAI
Summary
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.
Severity
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105115 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 |
Affected:
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions
Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2 Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6 Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2 |
Date Public
2018-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
}
]
}
],
"datePublic": "2018-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T16:57:01.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "105115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-11453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105115"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-11453",
"datePublished": "2018-08-07T15:00:00.000Z",
"dateReserved": "2018-05-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:42:55.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11454 (GCVE-0-2018-11454)
Vulnerability from cvelistv5 – Published: 2018-08-07 15:00 – Updated: 2024-09-16 18:03
VLAI
Summary
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.
Severity
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105115 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 |
Affected:
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions
Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2 Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6 Affected: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2 |
Date Public
2018-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
},
{
"status": "affected",
"version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
}
]
}
],
"datePublic": "2018-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T16:57:01.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "105115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-11454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105115"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-11454",
"datePublished": "2018-08-07T15:00:00.000Z",
"dateReserved": "2018-05-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:30.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13286 (GCVE-0-2018-13286)
Vulnerability from cvelistv5 – Published: 2019-04-01 14:26 – Updated: 2024-09-17 01:01
VLAI
Summary
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Severity
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions (CWE-276)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | DiskStation Manager (DSM) |
Affected:
unspecified , < 6.2-23739-1
(custom)
|
Date Public
2019-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:34.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DiskStation Manager (DSM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "6.2-23739-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions (CWE-276)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-01T14:26:30.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2019-03-31T00:00:00",
"ID": "CVE-2018-13286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2-23739-1"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_33",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2018-13286",
"datePublished": "2019-04-01T14:26:30.087Z",
"dateReserved": "2018-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:01:06.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13287 (GCVE-0-2018-13287)
Vulnerability from cvelistv5 – Published: 2019-04-01 14:26 – Updated: 2024-09-16 20:17
VLAI
Summary
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Severity
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions (CWE-276)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Synology Router Manager (SRM) |
Affected:
unspecified , < 1.1.7-6941-1
(custom)
|
Date Public
2019-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:34.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.1.7-6941-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions (CWE-276)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-01T14:26:58.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2019-03-31T00:00:00",
"ID": "CVE-2018-13287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Router Manager (SRM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.1.7-6941-1"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_34",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2018-13287",
"datePublished": "2019-04-01T14:26:58.147Z",
"dateReserved": "2018-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:15.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25359 (GCVE-0-2018-25359)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-26 13:19
VLAI
Title
Splinterware System Scheduler Pro 5.12 Privilege Escalation
Summary
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45072 | exploit |
| https://www.splinterware.com | product |
| https://www.vulncheck.com/advisories/splinterware… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Splinterware | Splinterware System Scheduler Pro |
Affected:
5.12
|
Date Public
2018-07-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25359",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:19:26.618731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:19:38.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splinterware System Scheduler Pro",
"vendor": "Splinterware",
"versions": [
{
"status": "affected",
"version": "5.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "bzyo"
}
],
"datePublic": "2018-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:06.897Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45072",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45072"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.splinterware.com"
},
{
"name": "VulnCheck Advisory: Splinterware System Scheduler Pro 5.12 Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/splinterware-system-scheduler-pro-privilege-escalation"
}
],
"title": "Splinterware System Scheduler Pro 5.12 Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25359",
"datePublished": "2026-05-25T14:15:06.897Z",
"dateReserved": "2026-05-24T13:14:22.106Z",
"dateUpdated": "2026-05-26T13:19:38.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-7533 (GCVE-0-2018-7533)
Vulnerability from cvelistv5 – Published: 2018-03-14 18:00 – Updated: 2024-08-05 06:31
VLAI
Summary
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/103399 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSIsoft PI Data Archive |
Affected:
OSIsoft PI Data Archive
|
Date Public
2018-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02"
},
{
"name": "103399",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSIsoft PI Data Archive",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSIsoft PI Data Archive"
}
]
}
],
"datePublic": "2018-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02"
},
{
"name": "103399",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Data Archive",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI Data Archive"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02"
},
{
"name": "103399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7533",
"datePublished": "2018-03-14T18:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:04.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8848 (GCVE-0-2018-8848)
Vulnerability from cvelistv5 – Published: 2018-09-26 19:00 – Updated: 2024-09-17 01:21
VLAI
Summary
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
Severity
No CVSS data available.
CWE
- CWE-276 - INCORRECT DEFAULT PERMISSIONS CWE-276
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.usa.philips.com/healthcare/about/cust… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105194 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Philips | e-Alert Unit (non-medical device) |
Affected:
R2.1 and prior
|
Date Public
2018-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105194"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "e-Alert Unit (non-medical device)",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "R2.1 and prior"
}
]
}
],
"datePublic": "2018-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "INCORRECT DEFAULT PERMISSIONS CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105194"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-31T00:00:00",
"ID": "CVE-2018-8848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "e-Alert Unit (non-medical device)",
"version": {
"version_data": [
{
"version_value": "R2.1 and prior"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "CONFIRM",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105194"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8848",
"datePublished": "2018-09-26T19:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:25.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14861 (GCVE-0-2019-14861)
Vulnerability from cvelistv5 – Published: 2019-12-10 22:19 – Updated: 2024-08-05 00:26
VLAI
Summary
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
Severity
5.3 (Medium)
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4217-1/ | vendor-advisory |
| https://usn.ubuntu.com/4217-2/ | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202003-52 | vendor-advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | |
| https://security.netapp.com/advisory/ntap-2019121… | |
| https://www.samba.org/samba/security/CVE-2019-148… | |
| https://www.synology.com/security/advisory/Synolo… | |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-list |
| http://www.openwall.com/lists/oss-security/2024/06/24/3 | mailing-list |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-14861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:36:30.362174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:37:11.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4217-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4217-1/"
},
{
"name": "USN-4217-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4217-2/"
},
{
"name": "FEDORA-2019-be98a08835",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"
},
{
"name": "openSUSE-SU-2019:2700",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"
},
{
"name": "FEDORA-2019-11dddb785b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"
},
{
"name": "GLSA-202003-52",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191210-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2019-14861.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_40"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
},
{
"name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "all versions 4.11.x before 4.11.3"
},
{
"status": "affected",
"version": "all versions 4.10.x before 4.10.11"
},
{
"status": "affected",
"version": "all versions 4.x.x before 4.9.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:05:54.054Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4217-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4217-1/"
},
{
"name": "USN-4217-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4217-2/"
},
{
"name": "FEDORA-2019-be98a08835",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"
},
{
"name": "openSUSE-SU-2019:2700",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"
},
{
"name": "FEDORA-2019-11dddb785b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"
},
{
"name": "GLSA-202003-52",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"
},
{
"url": "https://security.netapp.com/advisory/ntap-20191210-0002/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2019-14861.html"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_40"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
},
{
"name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14861",
"datePublished": "2019-12-10T22:19:05.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17103 (GCVE-0-2019-17103)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:10 – Updated: 2024-09-16 19:09
VLAI
Title
Get-task-allow entitlement via BDLDaemon on macOS
Summary
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
Severity
4.9 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.bitdefender.com/support/security-advi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bitdefender | Bitdefender AV for Mac |
Affected:
unspecified , < 8.0.0
(custom)
|
Date Public
2019-12-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender AV for Mac",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugcrowd user Bohops"
}
],
"datePublic": "2019-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:10:17.000Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3448",
"defect": [
"VA-3448"
],
"discovery": "EXTERNAL"
},
"title": "Get-task-allow entitlement via BDLDaemon on macOS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2019-12-30T10:00:00.000Z",
"ID": "CVE-2019-17103",
"STATE": "PUBLIC",
"TITLE": "Get-task-allow entitlement via BDLDaemon on macOS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender AV for Mac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bugcrowd user Bohops"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3448",
"defect": [
"VA-3448"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2019-17103",
"datePublished": "2020-01-27T14:10:17.721Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:09:06.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18900 (GCVE-0-2019-18900)
Vulnerability from cvelistv5 – Published: 2020-01-24 15:15 – Updated: 2024-09-16 20:52
VLAI
Title
libzypp stores cookies world readable
Summary
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
Severity
4 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1158763 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | CaaS Platform 3.0 |
Affected:
libzypp , < 16.21.2-27.68.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12 |
Affected:
libzypp , < 16.21.2-2.45.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
libzypp 17.19.0-3.34.1
|
Date Public
2020-01-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
},
{
"name": "openSUSE-SU-2020:0255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CaaS Platform 3.0",
"vendor": "SUSE",
"versions": [
{
"lessThan": "16.21.2-27.68.1",
"status": "affected",
"version": "libzypp",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThan": "16.21.2-2.45.1",
"status": "affected",
"version": "libzypp",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"status": "affected",
"version": "libzypp 17.19.0-3.34.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-04T04:05:59.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
},
{
"name": "openSUSE-SU-2020:0255",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
"defect": [
"1158763"
],
"discovery": "INTERNAL"
},
"title": "libzypp stores cookies world readable",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
"ID": "CVE-2019-18900",
"STATE": "PUBLIC",
"TITLE": "libzypp stores cookies world readable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CaaS Platform 3.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "libzypp",
"version_value": "16.21.2-27.68.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "libzypp",
"version_value": "16.21.2-2.45.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_name": "libzypp",
"version_value": "17.19.0-3.34.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
},
{
"name": "openSUSE-SU-2020:0255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
"defect": [
"1158763"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-18900",
"datePublished": "2020-01-24T15:15:15.806Z",
"dateReserved": "2019-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:52:26.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.