Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2177 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2019-1618 | 1 Cisco | 2 Nexus 9000, Nx-os | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5). | |||||
| CVE-2019-15962 | 1 Cisco | 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more | 2024-11-21 | 6.6 MEDIUM | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device. | |||||
| CVE-2019-12622 | 1 Cisco | 7 Roomos, Telepresence Codec C40, Telepresence Codec C40 Firmware and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges. | |||||
| CVE-2019-11146 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11145 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-15379 | 1 Cisco | 1 Prime Infrastructure | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. | |||||
| CVE-2018-0449 | 1 Cisco | 1 Jabber | 2024-11-21 | 3.3 LOW | 4.2 MEDIUM |
| A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. | |||||
| CVE-2018-0392 | 1 Cisco | 6 Mobility Services Engine 3310, Mobility Services Engine 3310 Firmware, Mobility Services Engine 3355 and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087. | |||||
| CVE-2017-9327 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Secret data of processes managed by CM is not secured by file permissions. | |||||
| CVE-2017-5809 | 1 Hp | 1 Data Protector | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-2590 | 2 Freeipa, Redhat | 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. | |||||
| CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
| IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | |||||
| CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.5 MEDIUM | 4.2 MEDIUM |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | |||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | |||||