Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-276
Total 743 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19896 1 Ixpdata 1 Easyinstall 2020-01-29 9.0 HIGH 9.9 CRITICAL
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients.
CVE-2019-14601 1 Intel 1 Raid Web Console 3 2020-01-24 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-5196 1 Cerberusftp 1 Ftp Server 2020-01-16 5.5 MEDIUM 8.1 HIGH
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
CVE-2019-16716 1 Open-xchange 1 Open-xchange Appsuite 2020-01-15 8.5 HIGH 6.6 MEDIUM
OX App Suite through 7.10.2 has Incorrect Access Control.
CVE-2019-11765 1 Mozilla 1 Firefox 2020-01-13 4.3 MEDIUM 6.5 MEDIUM
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.
CVE-2012-4434 1 Cipherdyne 1 Fwknop 2020-01-10 6.5 MEDIUM 8.8 HIGH
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.
CVE-2020-6166 1 Webfactoryltd 1 Minimal Coming Soon \& Maintenance Mode 2020-01-10 5.5 MEDIUM 5.4 MEDIUM
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.
CVE-2013-4764 1 Samsung 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more 2020-01-10 2.1 LOW 4.3 MEDIUM
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
CVE-2013-4763 1 Samsung 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more 2020-01-10 2.1 LOW 4.6 MEDIUM
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
CVE-2013-4859 1 Insteon 2 Hub, Hub Firmware 2020-01-09 9.3 HIGH 8.1 HIGH
INSTEON Hub 2242-222 lacks Web and API authentication
CVE-2019-14568 1 Intel 1 Rapid Storage Technology 2020-01-08 4.6 MEDIUM 7.8 HIGH
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-16554 1 Jenkins 1 Build Failure Analyzer 2020-01-03 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
CVE-2019-16552 1 Jenkins 1 Gerrit Trigger 2020-01-03 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
CVE-2019-16559 1 Jenkins 1 Websphere Deployer 2020-01-03 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
CVE-2019-11097 1 Intel 1 Trusted Execution Engine Firmware 2020-01-02 4.6 MEDIUM 7.8 HIGH
Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-19712 1 Contao 1 Contao 2019-12-31 5.0 MEDIUM 5.3 MEDIUM
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
CVE-2019-15011 1 Atlassian 1 Application Links 2019-12-30 4.0 MEDIUM 4.3 MEDIUM
The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
CVE-2019-19675 1 Ivanti 1 Workspace Control 2019-12-27 4.4 MEDIUM 7.8 HIGH
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.
CVE-2019-17334 1 Tibco 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more 2019-12-27 6.0 MEDIUM 8.0 HIGH
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
CVE-2019-0134 1 Intel 1 Dynamic Platform And Thermal Framework 2019-12-23 4.6 MEDIUM 7.8 HIGH
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.