Vulnerabilities (CVE)

Filtered by CWE-276
Total 1484 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12795 1 Gnome 1 Gvfs 2026-06-17 4.6 MEDIUM 7.8 HIGH
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
CVE-2019-12752 1 Symantec 1 Sonar 2026-06-17 4.1 MEDIUM 6.1 MEDIUM
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system.
CVE-2019-12670 1 Cisco 1 Ios 2026-06-17 4.6 MEDIUM 6.7 MEDIUM
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.
CVE-2019-12450 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-11765 1 Mozilla 1 Firefox 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.
CVE-2019-11097 1 Intel 1 Trusted Execution Engine Firmware 2026-06-17 4.6 MEDIUM 7.8 HIGH
Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-10679 1 Thomsonreuters 1 Eikon 2026-06-17 7.2 HIGH 7.8 HIGH
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
CVE-2019-10474 1 Jenkins 1 Global Post Script 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.
CVE-2019-10473 1 Jenkins 1 Libvirt Slaves 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10472 1 Jenkins 1 Libvirt Slaves 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-10470 1 Jenkins 1 Kubernetes Ci 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10469 1 Jenkins 1 Kubernetes Ci 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-10465 1 Jenkins 1 Deploy Weblogic 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.
CVE-2019-10463 1 Jenkins 1 Dynatrace Application Monitoring 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-0683 1 Microsoft 2 Windows 7, Windows Server 2008 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
CVE-2019-0134 1 Intel 1 Dynamic Platform And Thermal Framework 2026-06-17 4.6 MEDIUM 7.8 HIGH
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.
CVE-2018-9467 1 Google 1 Android 2026-06-17 N/A 9.8 CRITICAL
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9434 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9432 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2018-9431 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.