Vulnerabilities (CVE)

Filtered by CWE-281
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20843 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVE-2020-14958 1 Gogs 1 Gogs 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
CVE-2020-13230 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
CVE-2020-10083 1 Gitlab 1 Gitlab 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
CVE-2019-0233 2 Apache, Oracle 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2019-14226 1 Open-xchange 1 Open-xchange Appsuite 2024-02-28 5.5 MEDIUM 8.1 HIGH
OX App Suite through 7.10.2 has Insecure Permissions.
CVE-2019-15621 1 Nextcloud 1 Nextcloud Server 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
CVE-2019-13727 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-0073 1 Juniper 1 Junos 2024-02-28 2.1 LOW 7.1 HIGH
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.
CVE-2019-18457 1 Gitlab 1 Gitlab 2024-02-28 6.5 MEDIUM 8.8 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.
CVE-2020-8634 1 Wftpserver 1 Wing Ftp Server 2024-02-28 7.2 HIGH 7.8 HIGH
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
CVE-2019-13668 1 Google 1 Chrome 2024-02-28 4.3 MEDIUM 7.4 HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-19620 1 Dell 1 Red Cloak Windows Agent 2024-02-28 2.1 LOW 3.3 LOW
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.
CVE-2019-11748 1 Mozilla 2 Firefox, Firefox Esr 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2020-8117 1 Nextcloud 1 Nextcloud Server 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2020-9442 2 Microsoft, Openvpn 2 Windows, Connect 2024-02-28 7.2 HIGH 7.8 HIGH
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVE-2020-8633 1 Synacor 1 Zimbra Collaboration Suite 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
CVE-2019-18458 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 2.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).
CVE-2019-14956 1 Jetbrains 1 Youtrack 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVE-2020-7063 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.