Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-281
Total 139 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9781 1 Apple 2 Ipados, Iphone Os 2020-04-03 5.0 MEDIUM 5.3 MEDIUM
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.
CVE-2020-10083 1 Gitlab 1 Gitlab 2020-03-17 6.4 MEDIUM 9.1 CRITICAL
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
CVE-2020-8634 1 Wftpserver 1 Wing Ftp Server 2020-03-09 7.2 HIGH 7.8 HIGH
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
CVE-2020-9442 2 Microsoft, Openvpn 2 Windows, Connect 2020-03-03 7.2 HIGH 7.8 HIGH
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVE-2020-8633 1 Synacor 1 Zimbra Collaboration Suite 2020-02-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
CVE-2019-15621 1 Nextcloud 1 Nextcloud Server 2020-02-15 4.0 MEDIUM 6.5 MEDIUM
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
CVE-2020-8117 1 Nextcloud 1 Nextcloud Server 2020-02-06 4.0 MEDIUM 4.3 MEDIUM
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2019-19620 1 Dell 1 Red Cloak Windows Agent 2019-12-17 2.1 LOW 3.3 LOW
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.
CVE-2019-18457 1 Gitlab 1 Gitlab 2019-11-27 6.5 MEDIUM 8.8 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.
CVE-2019-18458 1 Gitlab 1 Gitlab 2019-11-27 4.0 MEDIUM 2.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).
CVE-2019-16539 1 Jenkins 1 Support Core 2019-11-24 5.5 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
CVE-2017-8561 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-11-07 6.9 MEDIUM 7.0 HIGH
Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
CVE-2019-14226 1 Open-xchange 1 Open-xchange Appsuite 2019-10-17 5.5 MEDIUM 8.1 HIGH
OX App Suite through 7.10.2 has Insecure Permissions.
CVE-2019-14956 1 Jetbrains 1 Youtrack 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVE-2018-12989 1 Pearsonvue 2 Console 8, Iqsystem 7 2019-10-02 7.2 HIGH 6.7 MEDIUM
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
CVE-2017-8580 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-02 6.2 MEDIUM 7.0 HIGH
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.
CVE-2017-8579 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-02 6.9 MEDIUM 7.0 HIGH
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."
CVE-2017-8578 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-02 9.3 HIGH 7.8 HIGH
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.
CVE-2017-8577 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-02 6.9 MEDIUM 7.0 HIGH
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.
CVE-2018-4115 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.