Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18456 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4). | |||||
| CVE-2018-17873 | 1 Wifiranger | 2 Wifiranger, Wifiranger Firmware | 2020-08-24 | 3.3 LOW | 8.8 HIGH |
| An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | |||||
| CVE-2018-17872 | 1 Verint | 2 Collaboration Compliance, Quality Management Platform | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions. | |||||
| CVE-2018-1787 | 2 Ibm, Microsoft | 3 Spectrum Protect Backup-archive Client, Spectrum Protect For Virtual Environments, Windows | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. | |||||
| CVE-2019-12777 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories. | |||||
| CVE-2019-18856 | 1 Drupal | 1 Svg Sanitizer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | |||||
| CVE-2019-19086 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | |||||
| CVE-2019-19087 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2018-15835 | 1 Google | 1 Android | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | |||||
| CVE-2018-15809 | 1 Accupos | 1 Accupos | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files. | |||||
| CVE-2018-15768 | 1 Dell | 1 Openmanage Network Manager | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. | |||||
| CVE-2019-12589 | 1 Firejail Project | 1 Firejail | 2020-08-24 | 4.6 MEDIUM | 8.8 HIGH |
| In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | |||||
| CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2019-19263 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2018-14987 | 1 Mxq Project | 2 Mxq Tv Box, Mxq Tv Box Firmware | 2020-08-24 | 5.6 MEDIUM | 7.1 HIGH |
| The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app component named com.android.server.MasterClearReceiver instead of statically registering it in the AndroidManifest.xml file of the core Android package, as done in Android Open Source Project (AOSP) code for Android 4.4.2. The dynamic-registration of the MasterClearReceiver broadcast receiver app component is not protected with the android.permission.MASTER_CLEAR permission during registration, so any app co-located on the device, even those without any permissions, can programmatically initiate a factory reset of the device. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of core Android process. | |||||
| CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | |||||
| CVE-2018-14916 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2020-08-24 | 9.4 HIGH | 9.1 CRITICAL |
| LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | |||||
| CVE-2018-14886 | 1 Odoo | 1 Odoo | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. | |||||
| CVE-2018-14862 | 1 Odoo | 1 Odoo | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request. | |||||
| CVE-2018-14861 | 1 Odoo | 1 Odoo | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users. | |||||