Total
877 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17334 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
| The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below. | |||||
| CVE-2019-11765 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. | |||||
| CVE-2019-19118 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) | |||||
| CVE-2020-9039 | 1 Couchbase | 1 Couchbase Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs. | |||||
| CVE-2019-10472 | 1 Jenkins | 1 Libvirt Slaves | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | |||||
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | |||||
| CVE-2020-0560 | 1 Intel | 1 Renesas Electronics Usb 3.0 Driver | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | |||||
| CVE-2019-17365 | 1 Nixos | 1 Nix | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | |||||
| CVE-2019-2173 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 | |||||
| CVE-2019-14002 | 1 Qualcomm | 58 Apq8053, Apq8053 Firmware, Apq8096au and 55 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | |||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
| CVE-2019-19202 | 1 Vtiger | 1 Vtiger Crm | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | |||||
| CVE-2020-7977 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | |||||
| CVE-2019-17124 | 1 Kramerav | 1 Viaware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | |||||
| CVE-2020-8114 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | |||||
| CVE-2020-3838 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | |||||