Filtered by CWE-732
Filtered by vendor Subscriptions
Total 1411 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11155 1 Intel 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more 2024-11-21 7.1 High
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.
CVE-2019-11154 1 Intel 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more 2024-11-21 7.1 High
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.
CVE-2019-11121 2 Intel, Microsoft 2 Media Sdk, Windows 2024-11-21 7.8 High
Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-10710 1 Hisilicon 2 Hi3510, Hi3510 Firmware 2024-11-21 N/A
Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.
CVE-2019-10132 2 Fedoraproject, Redhat 4 Fedora, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 N/A
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
CVE-2019-10116 1 Gitlab 1 Gitlab 2024-11-21 N/A
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
CVE-2019-10115 1 Gitlab 1 Gitlab 2024-11-21 N/A
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.
CVE-2019-10110 1 Gitlab 1 Gitlab 2024-11-21 N/A
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.
CVE-2019-10084 1 Apache 1 Impala 2024-11-21 7.5 High
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user.
CVE-2019-1010101 1 Akeo 1 Rufus 2024-11-21 N/A
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.
CVE-2019-1010009 1 Dglogik 1 Dglux Server 2024-11-21 N/A
DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.
CVE-2019-0804 2 Microsoft, Redhat 2 Walinuxagent, Enterprise Linux 2024-11-21 N/A
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
CVE-2019-0757 4 Apple, Microsoft, Mono-project and 1 more 11 Macos, .net Core, .net Core Sdk and 8 more 2024-11-21 6.5 Medium
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
CVE-2019-0588 1 Microsoft 1 Exchange Server 2024-11-21 6.5 Medium
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.
CVE-2019-0341 1 Sap 1 Enable Now 2024-11-21 N/A
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.
CVE-2019-0201 5 Apache, Debian, Netapp and 2 more 14 Activemq, Drill, Zookeeper and 11 more 2024-11-21 5.9 Medium
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
CVE-2019-0171 1 Intel 2 Quartus Ii, Quartus Prime 2024-11-21 N/A
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0138 1 Intel 1 Acu Wizard 2024-11-21 N/A
Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0111 1 Intel 1 Data Center Manager 2024-11-21 N/A
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0108 1 Intel 1 Data Center Manager 2024-11-21 N/A
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.