Total: 1057 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-08-05 | 7.4 High |
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | ||||
CVE-2019-20889 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. | ||||
CVE-2019-20882 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. | ||||
CVE-2019-20536 | 1 Google | 1 Android | 2024-08-05 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | ||||
CVE-2019-20468 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2024-08-05 | 9.8 Critical |
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. | ||||
CVE-2019-19896 | 1 Ixpdata | 1 Easyinstall | 2024-08-05 | 9.9 Critical |
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | ||||
CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2024-08-05 | 6.7 Medium |
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | ||||
CVE-2019-19712 | 1 Contao | 1 Contao | 2024-08-05 | 5.3 Medium |
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. | ||||
CVE-2019-19724 | 1 Sylabs | 1 Singularity | 2024-08-05 | 7.5 High |
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. | ||||
CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2024-08-05 | 7.8 High |
In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | ||||
CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2024-08-05 | 7.3 High |
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | ||||
CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-05 | 8.8 High |
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. The integrated PostgreSQL that is built into Applications Manager is prone to attack due to a lack of file permission security. Malicious users in the “Authenticated Users” group can exploit this for privilege escalation and modify the PostgreSQL configuration to execute arbitrary commands, gaining full system-privilege user access and rights over the system. | ||||
CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2024-08-05 | 5.5 Medium |
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | ||||
CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2024-08-05 | 9.8 Critical |
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | ||||
CVE-2019-19202 | 1 Vtiger | 1 Vtiger Crm | 2024-08-05 | 8.8 High |
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | ||||
CVE-2019-19118 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-08-05 | 6.5 Medium |
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) | ||||
CVE-2019-18367 | 1 Jetbrains | 1 Teamcity | 2024-08-05 | 5.3 Medium |
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | ||||
CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2024-08-05 | 5.3 Medium |
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | ||||
CVE-2019-18366 | 1 Jetbrains | 1 Teamcity | 2024-08-05 | 5.3 Medium |
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | ||||
CVE-2019-17421 | 1 Zohocorp | 2 Manageengine Firewall Analyzer, Manageengine Opmanager | 2024-08-05 | 7.8 High |
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. |