Total
875 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15962 | 1 Cisco | 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more | 2023-12-10 | 6.6 MEDIUM | 4.4 MEDIUM |
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device. | |||||
CVE-2019-14737 | 1 Ubisoft | 1 Uplay | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. | |||||
CVE-2014-7301 | 1 Hp | 1 Sgi Tempo | 2023-12-10 | 4.6 MEDIUM | 6.6 MEDIUM |
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. | |||||
CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
CVE-2019-16913 | 1 Pcprotect | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | |||||
CVE-2019-10463 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2019-14568 | 1 Intel | 1 Rapid Storage Technology | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-6166 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. | |||||
CVE-2015-9476 | 1 Teardrop Project | 1 Teardrop | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2020-5196 | 1 Cerberusftp | 1 Ftp Server | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission. | |||||
CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | |||||
CVE-2019-0134 | 1 Intel | 1 Dynamic Platform And Thermal Framework | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. | |||||
CVE-2020-0009 | 2 Debian, Google | 2 Debian Linux, Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | |||||
CVE-2019-11097 | 1 Intel | 1 Trusted Execution Engine Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-19724 | 1 Sylabs | 1 Singularity | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. | |||||
CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | |||||
CVE-2020-0023 | 1 Google | 1 Android | 2023-12-10 | 4.7 MEDIUM | 5.5 MEDIUM |
In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871 | |||||
CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | |||||
CVE-2019-17334 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below. | |||||
CVE-2019-11765 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. |