Total: 949 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18366 | 1 Jetbrains | 1 Teamcity | 2019-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | |||||
CVE-2019-18367 | 1 Jetbrains | 1 Teamcity | 2019-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | |||||
CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2019-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | |||||
CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
Python keyring lib before 0.10 created keyring files with world-readable permissions. | |||||
CVE-2019-2114 | 1 Google | 1 Android | 2019-10-25 | 4.4 MEDIUM | 7.8 HIGH |
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-123700348 | |||||
CVE-2019-15962 | 1 Cisco | 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more | 2019-10-22 | 6.6 MEDIUM | 4.4 MEDIUM |
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device. | |||||
CVE-2019-17043 | 1 Bmc | 1 Patrol Agent | 2019-10-18 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. | |||||
CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2019-10-18 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | |||||
CVE-2019-2173 | 1 Google | 1 Android | 2019-10-16 | 4.6 MEDIUM | 7.8 HIGH |
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123013720 | |||||
CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2019-10-16 | 6.5 MEDIUM | 8.8 HIGH |
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2015-9475 | 1 Pont Project | 1 Pont | 2019-10-16 | 6.5 MEDIUM | 8.8 HIGH |
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2015-9476 | 1 Teardrop Project | 1 Teardrop | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2015-9477 | 1 Vernissage Project | 1 Vernissage | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | |||||
CVE-2018-7533 | 1 Osisoft | 1 Pi Data Archive | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. | |||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world-readable configuration. | |||||
CVE-2018-0023 | 1 Juniper | 1 Jsnapy | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
JSNAPy is an open source Python version of Junos Snapshot Administrator developed by Juniper, available through GitHub. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world-writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory, including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from GitHub. | |||||
CVE-2017-7968 | 1 Schneider-electric | 1 Wonderware Indusoft Web Studio | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | |||||
CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | |||||
CVE-2017-16127 | 1 Pandora-doomsday Project | 1 Pandora-doomsday | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
The module pandora-doomsday infects other modules. It's since been unpublished from the registry. | |||||
CVE-2017-12699 | 1 Azeotech | 1 Daqfactory | 2019-10-09 | 3.6 LOW | 7.1 HIGH |
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. |