Total: 1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10472 | 1 Jenkins | 1 Libvirt Slaves | 2024-08-04 | 6.5 Medium |
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2019-10469 | 1 Jenkins | 1 Kubernetes Ci | 2024-08-04 | 6.5 Medium |
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2019-10470 | 1 Jenkins | 1 Kubernetes Ci | 2024-08-04 | 6.5 Medium |
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2019-10465 | 1 Jenkins | 1 Deploy Weblogic | 2024-08-04 | 4.3 Medium |
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | ||||
CVE-2019-10463 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2024-08-04 | 6.5 Medium |
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
CVE-2019-10474 | 1 Jenkins | 1 Global Post Script | 2024-08-04 | 4.3 Medium |
A missing permission check in Jenkins Global Post Script Plugin allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | ||||
CVE-2019-10473 | 1 Jenkins | 1 Libvirt Slaves | 2024-08-04 | 4.3 Medium |
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2019-9943 | 1 Openmicroscopy | 1 Omero.server | 2024-08-04 | 7.5 High |
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | ||||
CVE-2019-9630 | 1 Sonatype | 1 Nexus Repository Manager | 2024-08-04 | N/A |
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. | ||||
CVE-2019-9679 | 1 Dahuasecurity | 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more | 2024-08-04 | 8.8 High |
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | ||||
CVE-2019-9682 | 1 Dahuasecurity | 40 Ipc-hdbw1320e-w, Ipc-hdbw1320e-w Firmware, Ipc-hx2xxx and 37 more | 2024-08-04 | 8.1 High |
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method. | ||||
CVE-2019-8777 | 1 Apple | 1 Mac Os X | 2024-08-04 | 2.4 Low |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. | ||||
CVE-2019-8731 | 1 Apple | 1 Iphone Os | 2024-08-04 | 5.5 Medium |
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information. | ||||
CVE-2019-5687 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-08-04 | N/A |
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor. | ||||
CVE-2019-3944 | 1 Parrot | 2 Anafi, Anafi Firmware | 2024-08-04 | 7.5 High |
Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. | ||||
CVE-2019-3870 | 3 Fedoraproject, Samba, Synology | 9 Fedora, Samba, Directory Server and 6 more | 2024-08-04 | 6.1 Medium |
A vulnerability was found in Samba from version 4.9 (inclusive) to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is, owner (root) only access. However, in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | ||||
CVE-2019-2200 | 1 Google | 1 Android | 2024-08-04 | 7.3 High |
In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-67319274 | ||||
CVE-2019-2114 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-123700348 | ||||
CVE-2019-2173 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123013720 | ||||
CVE-2019-0683 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-08-04 | N/A |
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. |