Total
889 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-15962 | 1 Cisco | 14 Telepresence Collaboration Endpoint, Webex Board 55, Webex Board 55s and 11 more | 2019-10-22 | 4.4 Medium |
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device. | ||||
CVE-2019-17043 | 1 Bmc | 1 Patrol Agent | 2019-10-18 | 7.8 High |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. | ||||
CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2019-10-18 | 7.8 High |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | ||||
CVE-2019-2173 | 1 Google | 1 Android | 2019-10-16 | 7.8 High |
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123013720 | ||||
CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2019-10-16 | 8.8 High |
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9475 | 1 Pont Project | 1 Pont | 2019-10-16 | 8.8 High |
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9476 | 1 Teardrop Project | 1 Teardrop | 2019-10-15 | 8.8 High |
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9477 | 1 Vernissage Project | 1 Vernissage | 2019-10-15 | 8.8 High |
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2018-7533 | 1 Osisoft | 1 Pi Data Archive | 2019-10-09 | N/A |
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. | ||||
CVE-2018-13287 | 1 Synology | 1 Router Manager | 2019-10-09 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-13286 | 1 Synology | 1 Diskstation Manager | 2019-10-09 | N/A |
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
CVE-2018-11454 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2019-10-09 | N/A |
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. | ||||
CVE-2018-11453 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2019-10-09 | N/A |
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. | ||||
CVE-2018-10605 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2019-10-09 | N/A |
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. | ||||
CVE-2018-0023 | 1 Juniper | 1 Jsnapy | 2019-10-09 | N/A |
JSNAPy is an open source Python version of Junos Snapshot Administrator developed by Juniper, available through GitHub. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory, including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from GitHub. | ||||
CVE-2017-7968 | 1 Schneider-electric | 1 Wonderware Indusoft Web Studio | 2019-10-09 | N/A |
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | ||||
CVE-2017-3210 | 4 Fujitsu, Hp, Philips and 1 more | 6 Displayview Click, Displayview Click Suite, Display Assistant and 3 more | 2019-10-09 | N/A |
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. | ||||
CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2019-10-09 | N/A |
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | ||||
CVE-2017-16127 | 1 Pandora-doomsday Project | 1 Pandora-doomsday | 2019-10-09 | N/A |
The module pandora-doomsday infects other modules. It's since been unpublished from the registry. | ||||
CVE-2017-12699 | 1 Azeotech | 1 Daqfactory | 2019-10-09 | N/A |
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. |