Total: 881 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5687 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor | |||||
CVE-2019-0683 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | |||||
CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | |||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
CVE-2019-16106 | 1 Humanica | 1 Humatrix | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | |||||
CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | |||||
CVE-2019-16183 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | |||||
CVE-2019-16355 | 1 Beego | 1 Beego | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | |||||
CVE-2019-16185 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | |||||
CVE-2018-12441 | 1 Corsair | 1 Corsair Utility Engine | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | |||||
CVE-2018-7535 | 1 Totalav | 1 Totalav | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | |||||
CVE-2018-11906 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | |||||
CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-12-10 | 4.6 MEDIUM | 7.4 HIGH |
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
CVE-2018-12175 | 1 Intel | 1 Distribution For Python | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | |||||
CVE-2018-9085 | 2 Ibm, Lenovo | 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | |||||
CVE-2017-3209 | 2 Busybox, Dbpower | 3 Busybox, U818a, U818a Firmware | 2023-12-10 | 4.8 MEDIUM | 8.1 HIGH |
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities. | |||||
CVE-2018-10604 | 1 Selinc | 1 Sel Compass | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | |||||
CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | |||||
CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | |||||
CVE-2017-7794 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. |