Vulnerabilities (CVE)

Filtered by CWE-281
Total 218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19620 1 Dell 1 Red Cloak Windows Agent 2024-11-21 2.1 LOW 3.3 LOW
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.
CVE-2019-18458 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 2.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).
CVE-2019-18457 1 Gitlab 1 Gitlab 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.
CVE-2019-16539 1 Jenkins 1 Support Core 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
CVE-2019-15621 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
CVE-2019-14956 1 Jetbrains 1 Youtrack 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVE-2019-14841 1 Redhat 2 Decision Manager, Process Automation 2024-11-21 N/A 8.8 HIGH
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2019-14226 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 5.5 MEDIUM 8.1 HIGH
OX App Suite through 7.10.2 has Insecure Permissions.
CVE-2019-13727 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-13682 1 Google 1 Chrome 2024-11-21 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-13668 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 7.4 HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-11748 1 Mozilla 2 Firefox, Firefox Esr 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-0233 2 Apache, Oracle 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2019-0073 1 Juniper 1 Junos 2024-11-21 2.1 LOW 6.6 MEDIUM
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.
CVE-2018-5163 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 5.1 MEDIUM 8.1 HIGH
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.
CVE-2018-4115 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
CVE-2018-3762 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.
CVE-2018-12989 1 Pearsonvue 2 Console 8, Iqsystem 7 2024-11-21 7.2 HIGH 6.7 MEDIUM
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
CVE-2017-8593 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".
CVE-2017-8590 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 4.6 MEDIUM 8.8 HIGH
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".