Total
5446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17322 | 1 Clipsoft | 1 Rexpert | 2024-08-05 | 6.5 Medium |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||||
| CVE-2019-17326 | 1 Clipsoft | 1 Rexpert | 2024-08-05 | 6.5 Medium |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||||
| CVE-2019-14879 | 1 Moodle | 1 Moodle | 2024-08-05 | 5.4 Medium |
| A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). | ||||
| CVE-2019-14257 | 1 Zenoss | 1 Zenoss | 2024-08-05 | N/A |
| pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. | ||||
| CVE-2019-13125 | 1 Tencent | 1 Habomalhunter | 2024-08-04 | N/A |
| HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. | ||||
| CVE-2019-13013 | 2 Apple, Obdev | 2 Macos, Little Snitch | 2024-08-04 | 5.5 Medium |
| Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. | ||||
| CVE-2019-13014 | 1 Obdev | 1 Little Snitch | 2024-08-04 | 5.5 Medium |
| Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade. | ||||
| CVE-2019-12808 | 1 Estsoft | 1 Altools | 2024-08-04 | 7.8 High |
| ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges. | ||||
| CVE-2019-11773 | 1 Eclipse | 1 Omr | 2024-08-04 | 7.8 High |
| Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||||
| CVE-2019-11771 | 1 Eclipse | 1 Openj9 | 2024-08-04 | 7.8 High |
| AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||||
| CVE-2019-10885 | 1 Ivanti | 1 Workspace Control | 2024-08-04 | N/A |
| An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | ||||
| CVE-2019-10709 | 1 Asus | 1 Precision Touchpad | 2024-08-04 | N/A |
| AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | ||||
| CVE-2019-10132 | 2 Fedoraproject, Redhat | 4 Fedora, Advanced Virtualization, Enterprise Linux and 1 more | 2024-08-04 | N/A |
| A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. | ||||
| CVE-2019-9768 | 1 Thinkst | 1 Canarytokens | 2024-08-04 | N/A |
| Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token. | ||||
| CVE-2019-9637 | 6 Canonical, Debian, Netapp and 3 more | 7 Ubuntu Linux, Debian Linux, Storage Automation Store and 4 more | 2024-08-04 | N/A |
| An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. | ||||
| CVE-2019-3637 | 1 Mcafee | 1 File And Removable Media Protection | 2024-08-04 | 6.7 Medium |
| Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges. | ||||
| CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-08-04 | 7.8 High |
| A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-2122 | 1 Google | 1 Android | 2024-08-04 | N/A |
| In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127605586. | ||||
| CVE-2019-2102 | 1 Google | 1 Android | 2024-08-04 | N/A |
| In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052. | ||||
| CVE-2019-2003 | 1 Google | 1 Android | 2024-08-04 | N/A |
| In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116321860 | ||||