Vulnerabilities (CVE)

Filtered by CWE-276
Total 875 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15962 1 Cisco 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more 2023-12-10 6.6 MEDIUM 4.4 MEDIUM
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.
CVE-2019-14737 1 Ubisoft 1 Uplay 2023-12-10 4.6 MEDIUM 7.8 HIGH
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
CVE-2014-7301 1 Hp 1 Sgi Tempo 2023-12-10 4.6 MEDIUM 6.6 MEDIUM
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.
CVE-2019-19675 1 Ivanti 1 Workspace Control 2023-12-10 4.4 MEDIUM 7.8 HIGH
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.
CVE-2019-16913 1 Pcprotect 1 Antivirus 2023-12-10 7.2 HIGH 7.8 HIGH
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.
CVE-2019-10463 1 Jenkins 1 Dynatrace Application Monitoring 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-14568 1 Intel 1 Rapid Storage Technology 2023-12-10 4.6 MEDIUM 7.8 HIGH
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-6166 1 Webfactoryltd 1 Minimal Coming Soon \& Maintenance Mode 2023-12-10 5.5 MEDIUM 5.4 MEDIUM
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.
CVE-2015-9476 1 Teardrop Project 1 Teardrop 2023-12-10 6.5 MEDIUM 8.8 HIGH
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVE-2020-5196 1 Cerberusftp 1 Ftp Server 2023-12-10 5.5 MEDIUM 8.1 HIGH
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
CVE-2019-19792 1 Eset 1 Cyber Security 2023-12-10 7.2 HIGH 6.7 MEDIUM
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.
CVE-2019-0134 1 Intel 1 Dynamic Platform And Thermal Framework 2023-12-10 4.6 MEDIUM 7.8 HIGH
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.
CVE-2020-0009 2 Debian, Google 2 Debian Linux, Android 2023-12-10 2.1 LOW 5.5 MEDIUM
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
CVE-2019-11097 1 Intel 1 Trusted Execution Engine Firmware 2023-12-10 4.6 MEDIUM 7.8 HIGH
Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-19724 1 Sylabs 1 Singularity 2023-12-10 5.0 MEDIUM 7.5 HIGH
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
CVE-2010-5108 2 Debian, Edgewall 2 Debian Linux, Trac 2023-12-10 5.0 MEDIUM 7.5 HIGH
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
CVE-2020-0023 1 Google 1 Android 2023-12-10 4.7 MEDIUM 5.5 MEDIUM
In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871
CVE-2019-19475 1 Zohocorp 1 Manageengine Applications Manager 2023-12-10 9.0 HIGH 8.8 HIGH
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.
CVE-2019-17334 1 Tibco 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more 2023-12-10 6.0 MEDIUM 8.0 HIGH
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
CVE-2019-11765 1 Mozilla 1 Firefox 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.