Total: 1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2024-08-05 | 9.8 Critical |
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | ||||
CVE-2019-17365 | 1 Nixos | 1 Nix | 2024-08-05 | 7.8 High |
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | ||||
CVE-2019-17124 | 1 Kramerav | 1 Viaware | 2024-08-05 | 9.8 Critical |
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | ||||
CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2024-08-05 | 7.8 High |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | ||||
CVE-2019-17053 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-05 | 3.3 Low |
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | ||||
CVE-2019-17054 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 3.3 Low |
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | ||||
CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-05 | 3.3 Low |
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | ||||
CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 3.3 Low |
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | ||||
CVE-2019-17043 | 1 Bmc | 1 Patrol Agent | 2024-08-05 | 7.8 High |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. | ||||
CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2024-08-05 | 7.5 High |
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | ||||
CVE-2019-16913 | 1 Pcprotect | 1 Antivirus | 2024-08-05 | 7.8 High |
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | ||||
CVE-2019-16716 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | 6.6 Medium |
OX App Suite through 7.10.2 has Incorrect Access Control. | ||||
CVE-2019-16552 | 1 Jenkins | 1 Gerrit Trigger | 2024-08-05 | 5.4 Medium |
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | ||||
CVE-2019-16559 | 1 Jenkins | 1 Websphere Deployer | 2024-08-05 | 5.4 Medium |
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | ||||
CVE-2019-16554 | 1 Jenkins | 1 Build Failure Analyzer | 2024-08-05 | 4.3 Medium |
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | ||||
CVE-2019-16355 | 1 Beego | 1 Beego | 2024-08-05 | 5.5 Medium |
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | ||||
CVE-2019-16183 | 1 Limesurvey | 1 Limesurvey | 2024-08-05 | 2.7 Low |
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | ||||
CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2024-08-05 | 7.2 High |
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | ||||
CVE-2019-16185 | 1 Limesurvey | 1 Limesurvey | 2024-08-05 | 7.2 High |
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | ||||
CVE-2019-16106 | 1 Humanica | 1 Humatrix | 2024-08-05 | 7.5 High |
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. |