Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19712 | 1 Contao | 1 Contao | 2019-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. | |||||
| CVE-2019-15011 | 1 Atlassian | 1 Application Links | 2019-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check. | |||||
| CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2019-12-27 | 4.4 MEDIUM | 7.8 HIGH |
| In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
| CVE-2019-17334 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2019-12-27 | 6.0 MEDIUM | 8.0 HIGH |
| The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below. | |||||
| CVE-2019-0134 | 1 Intel | 1 Dynamic Platform And Thermal Framework | 2019-12-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. | |||||
| CVE-2019-14605 | 1 Intel | 1 Setup And Configuration Software Platform Discovery Utility | 2019-12-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. | |||||
| CVE-2019-8731 | 1 Apple | 1 Iphone Os | 2019-12-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information. | |||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2019-12-18 | 4.4 MEDIUM | 7.3 HIGH |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | |||||
| CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2019-12-13 | 6.6 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | |||||
| CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2019-12-12 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | |||||
| CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2019-12-12 | 6.5 MEDIUM | 7.2 HIGH |
| Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | |||||
| CVE-2018-2025 | 1 Ibm | 2 Spectrum Protect, Spectrum Protect For Virtual Environments | 2019-12-05 | 3.6 LOW | 4.4 MEDIUM |
| IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. | |||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2019-12-04 | 2.1 LOW | 6.2 MEDIUM |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | |||||
| CVE-2019-19202 | 1 Vtiger | 1 Vtiger Crm | 2019-12-04 | 6.5 MEDIUM | 8.8 HIGH |
| In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | |||||
| CVE-2019-3688 | 1 Suse | 1 Suse Linux Enterprise Server | 2019-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary | |||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | |||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | |||||
| CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2019-11-14 | 3.6 LOW | 7.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | |||||
| CVE-2019-12752 | 1 Symantec | 1 Sonar | 2019-11-07 | 4.1 MEDIUM | 6.1 MEDIUM |
| The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | |||||