Vulnerabilities (CVE)

CWE filter: CWE-732

359 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1313 1 Microsoft 1 Sql Server Management Studio 2019-10-10 4.0
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.
CVE-2019-1376 1 Microsoft 1 Sql Server Management Studio 2019-10-10 4.0
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.
CVE-2015-9456 1 Orbisius 1 Child Theme Creator 2019-10-10 4.0
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or...
CVE-2018-4049 1 Gog 1 Galaxy 2019-10-10 7.2
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's 'Games' directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this...
CVE-2019-7618 1 Elasticsearch 1 Kibana 2019-10-09 3.5
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code...
CVE-2019-12670 1 Cisco 1 Ios 2019-10-09 4.6
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file...
CVE-2019-11275 1 Pivotal Software 1 Pivotal Application Service 2019-10-09 4.0
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a...
CVE-2019-10409 1 Jenkins 1 Project Inheritance 2019-10-09 4.0
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
CVE-2018-6755 1 Mcafee 1 True Key 2019-10-09 4.6
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
CVE-2018-5413 1 Imperva 1 Securesphere 2019-10-09 6.5
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
CVE-2018-1750 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 5.5
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.
CVE-2018-1724 1 Ibm 1 Spectrum Lsf 2019-10-09 4.6
IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.
CVE-2018-1711 1 Ibm 1 Db2 2019-10-09 4.6
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
CVE-2018-1551 1 Ibm 1 Websphere Mq 2019-10-09 6.0
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.
CVE-2018-1420 1 Ibm 1 Websphere Portal 2019-10-09 4.0
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out-of-the-box configuration during Combined Cumulative Fix (CF) installation. This can lead to security misconfiguration of the installation. IBM X-Force ID: 138950.
CVE-2018-1386 1 Ibm 1 Tivoli Workload Scheduler 2019-10-09 6.9
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user with special access to gain root privileges. IBM X-Force ID: 138208.
CVE-2018-1370 1 Ibm 1 Security Guardium Big Data Intelligence 2019-10-09 6.5
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.
CVE-2018-1168 1 Abb 1 Sys600 Firmware 2019-10-09 7.2
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...
CVE-2018-1164 1 Zyxel 1 P-870h-51 Firmware 2019-10-09 10.0
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2018-1113 1 Redhat 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2019-10-09 4.6
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell...