Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-26 | CVE-2019-14273 | Files or Directories Accessible to External Parties vulnerability in Silverstripe In SilverStripe assets 4.0, there is broken access control on files. | 5.3 |
| 2019-09-16 | CVE-2019-13140 | Files or Directories Accessible to External Parties vulnerability in Intenogroup Eg200 Firmware Eg200Wu7P1Uadamo3.16.41902261650 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. | 6.5 |
| 2019-08-01 | CVE-2016-10829 | Files or Directories Accessible to External Parties vulnerability in Cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | 6.5 |
| 2019-07-24 | CVE-2019-3622 | Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | 8.2 |
| 2019-07-08 | CVE-2019-13404 | Files or Directories Accessible to External Parties vulnerability in Python The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. | 7.8 |
| 2019-06-03 | CVE-2019-12375 | Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | 6.3 |
| 2019-02-11 | CVE-2018-9587 | Files or Directories Accessible to External Parties vulnerability in Google Android In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. | 7.3 |
| 2019-01-22 | CVE-2017-6922 | Files or Directories Accessible to External Parties vulnerability in multiple products In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. | 6.5 |
| 2018-09-12 | CVE-2018-16946 | Files or Directories Accessible to External Parties vulnerability in LG products LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. | 7.5 |
| 2018-07-27 | CVE-2017-2621 | Files or Directories Accessible to External Parties vulnerability in multiple products An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |