Total
1019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16183 | 1 Limesurvey | 1 Limesurvey | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | |||||
| CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | |||||
| CVE-2019-5687 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor | |||||
| CVE-2018-7822 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. | |||||
| CVE-2019-3689 | 2 Linux-nfs, Suse | 2 Nfs-utils, Linux Enterprise Server | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. | |||||
| CVE-2019-9679 | 1 Dahuasecurity | 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019. | |||||
| CVE-2019-0683 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | |||||
| CVE-2018-12441 | 1 Corsair | 1 Corsair Utility Engine | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | |||||
| CVE-2018-12175 | 1 Intel | 1 Distribution For Python | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | |||||
| CVE-2018-14650 | 2 Redhat, Sos-collector Project | 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 3 more | 2024-02-04 | 1.9 LOW | 5.0 MEDIUM |
| It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | |||||
| CVE-2018-11906 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | |||||
| CVE-2018-9085 | 2 Ibm, Lenovo | 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | |||||
| CVE-2018-7535 | 1 Totalav | 1 Totalav | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | |||||
| CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
| DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | |||||
| CVE-2018-10604 | 1 Selinc | 1 Sel Compass | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | |||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-02-04 | 4.6 MEDIUM | 7.4 HIGH |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
| CVE-2017-3209 | 2 Busybox, Dbpower | 3 Busybox, U818a, U818a Firmware | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
| The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities. | |||||
| CVE-2017-7794 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7761 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
| The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||