Total: 1220 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14916 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2020-08-24 | 9.4 HIGH | 9.1 CRITICAL |
| LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | |||||
| CVE-2018-17873 | 1 Wifiranger | 2 Wifiranger, Wifiranger Firmware | 2020-08-24 | 3.3 LOW | 8.8 HIGH |
| An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | |||||
| CVE-2018-4178 | 1 Apple | 1 Mac Os X | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | |||||
| CVE-2019-10710 | 1 Hisilicon | 2 Hi3510, Hi3510 Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc. | |||||
| CVE-2019-14969 | 1 Netwrix | 1 Auditor | 2020-08-24 | 6.9 MEDIUM | 7.8 HIGH |
| Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links. | |||||
| CVE-2019-18449 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2019-15084 | 1 Maxx | 1 Waves Maxx Audio | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM. | |||||
| CVE-2018-15768 | 1 Dell | 1 Openmanage Network Manager | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. | |||||
| CVE-2018-14866 | 1 Odoo | 1 Odoo | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. | |||||
| CVE-2019-11806 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| OX App Suite 7.10.1 and earlier has Insecure Permissions. | |||||
| CVE-2019-18856 | 1 Drupal | 1 Svg Sanitizer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | |||||
| CVE-2019-11166 | 1 Intel | 1 Easy Streaming Wizard | 2020-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. | |||||
| CVE-2019-1378 | 1 Microsoft | 1 Windows 10 Update Assistant | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. | |||||
| CVE-2018-20871 | 1 Univa | 1 Grid Engine | 2020-08-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). | |||||
| CVE-2019-17388 | 4 Aviatrix, Freebsd, Linux and 1 more | 4 Vpn Client, Freebsd, Linux Kernel and 1 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. | |||||
| CVE-2019-14935 | 2 3cx, Microsoft | 2 3cx, Windows | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | |||||
| CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2018-14886 | 1 Odoo | 1 Odoo | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. | |||||
| CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | |||||
| CVE-2018-20908 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | |||||
