Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16552 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | |||||
| CVE-2019-16355 | 1 Beego | 1 Beego | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | |||||
| CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | |||||
| CVE-2019-16185 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | |||||
| CVE-2019-16183 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | |||||
| CVE-2019-16106 | 1 Humanica | 1 Humatrix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | |||||
| CVE-2019-16061 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system. | |||||
| CVE-2019-15962 | 1 Cisco | 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more | 2024-11-21 | 6.6 MEDIUM | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device. | |||||
| CVE-2019-15793 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
| In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions. | |||||
| CVE-2019-15716 | 1 Wtfutil | 1 Wtf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. | |||||
| CVE-2019-15011 | 1 Atlassian | 1 Application Links | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check. | |||||
| CVE-2019-14925 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. | |||||
| CVE-2019-14861 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | |||||
| CVE-2019-14737 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. | |||||
| CVE-2019-14718 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | |||||
| CVE-2019-14605 | 1 Intel | 1 Setup And Configuration Software Platform Discovery Utility | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. | |||||
| CVE-2019-14603 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14601 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14568 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||