Vulnerabilities (CVE)

CWE filter

CWE-275


155 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11146 2019-10-10 4.6
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11145 2019-10-10 4.6
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0201 2 Apache, Debian 2 Zookeeper, Debian Linux 2019-10-10 4.3
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id...
CVE-2019-8455 1 Checkpoint 1 Zonealarm 2019-10-09 3.6
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local...
CVE-2019-7611 1 Elastic 1 Elasticsearch 2019-10-09 6.8
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has...
CVE-2019-3879 2 Ovirt, Redhat 2 Ovirt, Virtualization 2019-10-09 5.5
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low...
CVE-2019-1618 1 Cisco 1 Nx-os 2019-10-09 7.2
A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions...
CVE-2019-12622 1 Cisco 4 Roomos, Telepresence Codec C40 Firmware, Telepresence Codec C60 Firmware and 1 more 2019-10-09 7.2
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An...
CVE-2019-11896 2019-10-09 6.8
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit...
CVE-2019-11893 2019-10-09 4.9
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit...
CVE-2019-10389 1 Jenkins 2 Relution Publisher, Relution Enterprise Appstore Publisher 2019-10-09 4.0
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVE-2019-10387 1 Jenkins 1 Xl Testview 2019-10-09 4.0
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs...
CVE-2019-10377 1 Jenkins 1 Avatar 2019-10-09 4.0
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
CVE-2019-10369 1 Jenkins 1 Jclouds 2019-10-09 4.0
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified...
CVE-2019-10344 1 Jenkins 1 Configuration As Code 2019-10-09 4.0
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information...
CVE-2019-10319 1 Jenkins 1 Pluggable Authentication Module 2019-10-09 4.0
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the...
CVE-2019-10293 1 Jenkins 1 Kmap 2019-10-09 4.0
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-10290 1 Jenkins 1 Netsparker Cloud Scan 2019-10-09 4.0
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an...
CVE-2019-10279 1 Jenkins 1 Jenkins-reviewbot 2019-10-09 4.0
A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003099 1 Jenkins 1 Openid 2019-10-09 4.0
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.