CVEMAP Search Results

CVE
Details
Description
2021-03-24
Medium
CVE-2021-1437

Vendor: Cisco
Software: Wireless lan...
 

 
A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

 
2019-09-06
Medium
CVE-2018-18630

Vendor: Changehealthcare
Software: Cardiology f...
 

 
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.

 
2019-09-05
Medium
CVE-2019-2177

Vendor: Google
Software: Android
 

 
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-2175

Vendor: Google
Software: Android
 

 
In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

 
Low
CVE-2019-13361

Vendor: Smanos
Software: W100 firmware
 

 
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.

 
2019-09-03
Low
CVE-2019-15871

Vendor: Wpbrigade
Software: Loginpress
 

 
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

 
2019-08-28
Low
CVE-2019-15716

Vendor: Wtfutil
Software: WTF
 

 
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.

 
2019-08-23
Medium
CVE-2019-8445

Vendor: Atlassian
Software: JIRA
 

 
Several worklog REST resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2, allow remote attackers to view worklog time information via a missing permissions check.

 
2019-08-21
Medium
CVE-2019-12622

Vendor: Cisco
Software: Roomos
 

 
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

 
2019-08-20
Low
CVE-2019-11806

Vendor: Open-xchange
Software: Open-xchange...
 

 
OX App Suite 7.10.1 and earlier has Insecure Permissions.

 

 


Copyright 2021, cxsecurity.com

 
