Total
1460 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19895 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
| In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. | ||||
| CVE-2019-19894 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 5.5 Medium |
| In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. | ||||
| CVE-2019-19882 | 1 Shadow Project | 1 Shadow | 2024-11-21 | 7.8 High |
| shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). | ||||
| CVE-2019-19736 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 6.1 Medium |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | ||||
| CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2024-11-21 | 5.5 Medium |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | ||||
| CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
| OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | ||||
| CVE-2019-19455 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.8 High |
| Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-11-21 | 7.8 High |
| Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | ||||
| CVE-2019-19363 | 1 Ricoh | 8 Generic Pcl5 Driver, Pc Fax Generic Driver, Pcl6 \(pcl Xl\) Driver and 5 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version | ||||
| CVE-2019-19341 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.5 Medium |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. | ||||
| CVE-2019-19335 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 Medium |
| During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | ||||
| CVE-2019-19315 | 1 Nalpeiron | 1 Licensing Service | 2024-11-21 | 7.1 High |
| NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. | ||||
| CVE-2019-19263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | ||||
| CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | ||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | ||||
| CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2024-11-21 | 7.8 High |
| IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | ||||
| CVE-2019-19087 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | ||||
| CVE-2019-19086 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | ||||
| CVE-2019-18958 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed. | ||||
| CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2024-11-21 | 7.8 High |
| Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | ||||