Total: 880 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | |||||
CVE-2019-3688 | 1 Suse | 1 Suse Linux Enterprise Server | 2023-12-10 | 6.6 MEDIUM | 7.1 HIGH |
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain persistence by changing the binary | |||||
CVE-2019-18367 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | |||||
CVE-2019-16554 | 1 Jenkins | 1 Build Failure Analyzer | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | |||||
CVE-2019-16559 | 1 Jenkins | 1 Websphere Deployer | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | |||||
CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | |||||
CVE-2015-9477 | 1 Vernissage Project | 1 Vernissage | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2019-19896 | 1 Ixpdata | 1 Easyinstall | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | |||||
CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | |||||
CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2023-12-10 | 2.1 LOW | 4.3 MEDIUM |
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | |||||
CVE-2019-8731 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information. | |||||
CVE-2020-2117 | 1 Jenkins | 1 Pipeline Github Notify Step | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2023-12-10 | 6.5 MEDIUM | 8.3 HIGH |
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | |||||
CVE-2019-3687 | 1 Suse | 1 Linux Enterprise Server | 2023-12-10 | 1.9 LOW | 3.3 LOW |
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. | |||||
CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
CVE-2018-2025 | 1 Ibm | 2 Spectrum Protect, Spectrum Protect For Virtual Environments | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. | |||||
CVE-2020-0564 | 1 Intel | 1 Raid Web Console 3 | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-2200 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-67319274 | |||||
CVE-2019-10470 | 1 Jenkins | 1 Kubernetes Ci | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
CVE-2019-15011 | 1 Atlassian | 1 Application Links | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check. |