CVE-2019-3688

HIGH Year: 2019
CVSS v3 Score
7.1
High
CVSS v2 Score
6.6
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary

Related Vulnerabilities

CVE-2017-12699

HIGH
CVSS:7.1(High)

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with ma...

CWE-2762017

CVE-2017-1382

HIGH
CVSS:7.1(High)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker co...

CWE-2762017

CVE-2019-5687

HIGH
CVSS:7.1(High)

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an obje...

CWE-2762019

CVE-2020-36611

HIGH
CVSS:7.1(High)

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi ...

CWE-2762020

CVE-2020-36652

HIGH
CVSS:7.1(High)

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server...

CWE-2762020

CVE-2021-1056

HIGH
CVSS:7.1(High)

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provi...

CWE-2762021