Total
5446 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-0796 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | ||||
CVE-2019-0730 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | ||||
CVE-2019-0731 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | ||||
CVE-2019-0164 | 2 Intel, Lenovo | 9 Turbo Boost Max Technology 3.0, Thinkstation P410, Thinkstation P410 Firmware and 6 more | 2024-08-04 | 7.3 High |
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-0135 | 2 Intel, Lenovo | 9 Rapid Storage Technology Enterprise, Thinkstation P520, Thinkstation P520 Firmware and 6 more | 2024-08-04 | 7.8 High |
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206 | ||||
CVE-2019-0128 | 1 Intel | 1 Chipset Device Software | 2024-08-04 | 7.8 High |
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. | ||||
CVE-2020-36528 | 1 Platinumchina | 1 Platinum Mobile | 2024-08-04 | 5.5 Medium |
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2024-08-04 | 6.5 Medium |
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | ||||
CVE-2020-8486 | 1 Abb | 1 800xa Rnrp | 2024-08-04 | 6.6 Medium |
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | ||||
CVE-2020-8485 | 1 Abb | 1 800xa | 2024-08-04 | 7.8 High |
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | ||||
CVE-2020-8487 | 1 Abb | 1 800xa Base System | 2024-08-04 | 6.6 Medium |
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | ||||
CVE-2020-8484 | 1 Abb | 1 800xa | 2024-08-04 | 7.8 High |
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | ||||
CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-08-04 | 7.8 High |
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | ||||
CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-08-04 | 7.8 High |
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | ||||
CVE-2020-8478 | 1 Abb | 4 Ac800m, Base Software, Mms Server and 1 more | 2024-08-04 | 5.3 Medium |
Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. | ||||
CVE-2021-33036 | 1 Apache | 1 Hadoop | 2024-08-03 | 8.8 High |
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | ||||
CVE-2021-28497 | 1 Arista | 2 7130, Metamako Operating System | 2024-08-03 | 4.4 Medium |
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train | ||||
CVE-2021-28052 | 1 Hitach | 1 Vantara | 2024-08-03 | 7.5 High |
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | ||||
CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-08-03 | 8.8 High |
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | ||||
CVE-2021-25482 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. |