openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permission...
Python keyring lib before 0.10 created keyring files with world-readable permissions.
An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June...
An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June ...
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the op...
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.