Total: 880 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17053 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | |||||
CVE-2019-17421 | 1 Zohocorp | 2 Manageengine Firewall Analyzer, Manageengine Opmanager | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. | |||||
CVE-2019-14603 | 1 Intel | 1 Quartus Prime | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-7979 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
GitLab EE 8.9 and later through 12.7.2 has an Insecure Permissions issue. | |||||
CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2019-10465 | 1 Jenkins | 1 Deploy Weblogic | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
INSTEON Hub 2242-222 lacks Web and API authentication. | |||||
CVE-2019-10469 | 1 Jenkins | 1 Kubernetes Ci | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate to those of the "root" user by crafting a malicious shared library (.so) file that is loaded during execution. | |||||
CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle before 2.2.2 has a default repository capabilities issue: all repositories are viewable by all users by default. | |||||
CVE-2020-5231 | 1 Apereo | 1 Opencast | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration. | |||||
CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Python keyring lib before 0.10 created keyring files with world-readable permissions. | |||||
CVE-2019-2114 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9. Android ID: A-123700348. | |||||
CVE-2020-9408 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service to execute arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below; and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0. | |||||
CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1. | |||||
CVE-2019-10474 | 1 Jenkins | 1 Global Post Script | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Global Post Script Plugin allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | |||||
CVE-2019-11154 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 (rev D) and 11 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | |||||
CVE-2015-9475 | 1 Pont Project | 1 Pont | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |||||
CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. |
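Several entries in the list above (the world-writable Nipper executable in ManageEngine OpManager, the SUID PatrolAgent binary in BMC Patrol, the world-readable python keyring files, and the 0777 files left by the netaddr gem) are the same class of bug: file modes that let a lower-privileged user replace or read something a higher-privileged process trusts. The script below is an added example, not code from any of the affected products or from this listing; it audits a directory tree for those patterns. The finding labels and the secret-file suffix list are assumptions of the script.

```python
import os
import stat
import tempfile
from typing import Dict, List

# Finding labels used only by this script (not taken from any advisory).
PERM_0777 = "mode 0777"
WORLD_WRITABLE_EXEC = "world-writable executable"
WORLD_WRITABLE_SUID = "world-writable SUID/SGID binary"
WORLD_READABLE_SECRET = "world-readable secret file"

# Assumption: file names with these suffixes hold credentials or keys.
SECRET_SUFFIXES = (".cfg", ".key", ".pem", ".keyring")


def classify_mode(mode: int, name: str = "") -> List[str]:
    """Map one st_mode value (type bits included) to findings. Pure, so it is
    testable without touching the file system."""
    findings = []
    perm = stat.S_IMODE(mode)          # keeps the setuid/setgid/sticky bits
    is_regular = stat.S_ISREG(mode)
    world_w = bool(perm & stat.S_IWOTH)
    world_r = bool(perm & stat.S_IROTH)
    executable = bool(perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if (perm & 0o777) == 0o777:        # netaddr-style install result
        findings.append(PERM_0777)
    if world_w and (perm & (stat.S_ISUID | stat.S_ISGID)):
        findings.append(WORLD_WRITABLE_SUID)   # anyone can replace a privileged binary
    elif world_w and executable and is_regular:
        findings.append(WORLD_WRITABLE_EXEC)   # e.g. a packaged tool later run as root
    if world_r and name.endswith(SECRET_SUFFIXES):
        findings.append(WORLD_READABLE_SECRET)  # keyring-style credential store
    return findings


def audit(root: str) -> Dict[str, List[str]]:
    """Walk root and return {path: findings} for every offending entry.
    Symlinks are skipped: their own mode is meaningless, and a target under
    root is audited where it actually lives."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue
            found = classify_mode(st.st_mode, entry)
            if found:
                results[path] = found
    return results


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree in a temp dir and audit it; keys are base names."""
    root = tempfile.mkdtemp(prefix="permaudit-")
    layout = {                         # constructed sample, not real product files
        "nipper": 0o777,               # world-writable helper executable
        "keyring_pass.cfg": 0o644,     # credential store readable by everyone
        "safe_tool": 0o755,            # correctly permissioned binary
    }
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    return {os.path.basename(p): f for p, f in audit(root).items()}


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, "->", ", ".join(findings))
```

Run `audit("/opt/vendor")` against a real install tree to get the offending paths. The SUID rule fires only when the binary itself is world-writable; the PatrolAgent case (a SUID binary loading a library from a location the "patrol" user controls) additionally needs the directories on the binary's library search path checked with the same `classify_mode` call.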
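For the AF_IEEE802154 entry (CVE-2019-17053), the missing check was that `ieee802154_create` let any user open a `SOCK_RAW` socket without `CAP_NET_RAW`; the fixed kernel returns EPERM to an unprivileged caller. The probe below is an added example, not kernel code or anything from this listing: it attempts the socket as the current user and classifies the result. The fallback family number 36 and the treatment of euid 0 as "privileged" are assumptions of the script.

```python
import errno
import os
import socket
from typing import Optional

# Linux address-family number for IEEE 802.15.4; the fallback is an assumption used
# only when this Python build does not export the constant.
AF_IEEE802154 = getattr(socket, "AF_IEEE802154", 36)

ENFORCED = "enforced"        # kernel refused the raw socket with EPERM/EACCES
VULNERABLE = "vulnerable"    # unprivileged caller got a raw socket (pre-fix behaviour)
UNSUPPORTED = "unsupported"  # family/protocol not available, so nothing was tested
INCONCLUSIVE = "inconclusive"

UNSUPPORTED_ERRNOS = (errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT, errno.ESOCKTNOSUPPORT)


def classify(created: bool, err: Optional[int], privileged: bool) -> str:
    """Interpret one socket(AF_IEEE802154, SOCK_RAW, 0) attempt. Pure so it can be
    tested on hosts without 802.15.4 support."""
    if created:
        # A caller holding CAP_NET_RAW is allowed through by the fixed kernel too,
        # so success only means something when the caller is unprivileged.
        return INCONCLUSIVE if privileged else VULNERABLE
    if err in (errno.EPERM, errno.EACCES):
        return ENFORCED
    if err in UNSUPPORTED_ERRNOS:
        return UNSUPPORTED
    return INCONCLUSIVE


def probe(privileged: Optional[bool] = None) -> str:
    """Try to open the raw socket as the current user and classify the outcome."""
    if privileged is None:
        # Assumption: euid 0 stands in for CAP_NET_RAW; see the usage note.
        privileged = hasattr(os, "geteuid") and os.geteuid() == 0
    try:
        sock = socket.socket(AF_IEEE802154, socket.SOCK_RAW, 0)
    except OSError as exc:
        return classify(False, exc.errno, privileged)
    sock.close()
    return classify(True, None, privileged)


if __name__ == "__main__":
    print("CAP_NET_RAW check for AF_IEEE802154 raw sockets:", probe())
```

Run it as an ordinary user: `enforced` is the patched behaviour, `vulnerable` means the raw socket was handed out. `unsupported` means the kernel has no ieee802154 support (or the module did not autoload), so the check proves nothing either way. The euid proxy is deliberately crude: a non-root process that was granted CAP_NET_RAW through file capabilities or ambient caps would be reported as `vulnerable`, and root with the capability dropped (for example under `capsh --drop=cap_net_raw`) is the more faithful way to exercise the check on a patched kernel.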
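The Opencast (CVE-2020-5231) and forDNN (CVE-2019-19392) entries share a second pattern: an account-creation endpoint that checks the caller is authenticated but not whether the caller may grant the roles in the submitted data, so a course admin or an unprivileged user imports a record with `Roles="Administrators"`. The code below is an added example written for this listing, not Opencast or forDNN code; it parses the CSV shape the forDNN entry describes and applies two checks: the caller needs a user-management role at all, and no record may carry a role the caller does not hold. The sample CSV, the role names other than `ROLE_ADMIN`/`Administrators`, and the flat role model are assumptions.

```python
import csv
import io
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the Username/Email/Roles shape described for forDNN;
# not a real export.
SAMPLE_CSV = """Username,Email,Roles
alice,alice@example.test,Registered Users
mallory,mallory@example.test,Registered Users;Administrators
"""

# Assumption: roles that entitle a caller to create accounts at all.
USER_MANAGEMENT_ROLES = frozenset({"Administrators", "ROLE_ADMIN", "ROLE_USER_ADMIN"})


def parse_import(text: str) -> List[Dict[str, object]]:
    """Parse CSV rows; Roles is a ';'-separated list, possibly empty."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        roles = {r.strip() for r in (row.get("Roles") or "").split(";") if r.strip()}
        records.append({"username": row["Username"], "email": row["Email"], "roles": roles})
    return records


def authorize_import(caller_roles: Iterable[str], records) -> Tuple[List, List[str]]:
    """Return (accepted records, rejection reasons).

    The vulnerable shape of this function is `return records, []` after an
    is-authenticated check. Hardened rules:
      1. the caller must hold a user-management role before creating anyone;
      2. each record's roles must be a subset of the caller's own roles, so an
         importer can never hand out a privilege it does not hold itself.
    """
    caller = set(caller_roles)
    if not caller & USER_MANAGEMENT_ROLES:
        return [], [f"{r['username']}: caller may not create users" for r in records]
    accepted, rejections = [], []
    for rec in records:
        excess = rec["roles"] - caller
        if excess:
            rejections.append(f"{rec['username']}: caller may not grant {sorted(excess)}")
        else:
            accepted.append(rec)
    return accepted, rejections


if __name__ == "__main__":
    ok, bad = authorize_import({"ROLE_COURSE_ADMIN", "Registered Users"}, parse_import(SAMPLE_CSV))
    print("accepted:", [r["username"] for r in ok])
    print("rejected:", bad)
```

Whether a partially rejected batch should be applied at all is a product decision; the function returns both lists so the endpoint can either create the accepted rows or fail the whole import. The subset rule is stricter than "block `Administrators`": it also stops a user-management role from minting roles it was never given, which is the mistake the Opencast entry describes at the configuration level.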