Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10084 | 1 Apache | 1 Impala | 2024-08-04 | 7.5 High |
| In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. | ||||
| CVE-2019-9464 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
| In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | ||||
| CVE-2019-9378 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196 | ||||
| CVE-2019-9166 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.8 High |
| Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | ||||
| CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | ||||
| CVE-2019-9008 | 1 Codesys | 10 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 7 more | 2024-08-04 | 8.8 High |
| An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. | ||||
| CVE-2019-8283 | 1 Gemalto | 1 Sentinel Ldk | 2024-08-04 | 6.5 Medium |
| Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it. | ||||
| CVE-2019-8342 | 2 Apple, Foxitsoftware | 2 Macos, Foxit Reader | 2024-08-04 | N/A |
| A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set. | ||||
| CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
| ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-8071 | 2 Adobe, Microsoft | 2 Download Manager, Windows | 2024-08-04 | 9.8 Critical |
| Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-7958 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-08-04 | N/A |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-7729 | 1 Bosch | 1 Smart Camera | 2024-08-04 | N/A |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | ||||
| CVE-2019-7656 | 1 Wowza | 1 Streaming Engine | 2024-08-04 | 7.8 High |
| A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2019-5543 | 2 Microsoft, Vmware | 4 Windows, Horizon Client, Remote Console and 1 more | 2024-08-04 | 7.8 High |
| For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. | ||||
| CVE-2019-5212 | 1 Huawei | 2 P20, P20 Firmware | 2024-08-04 | 5.5 Medium |
| There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure. | ||||
| CVE-2019-5222 | 1 Huawei | 2 Honor Magic 2, Honor Magic 2 Firmware | 2024-08-04 | N/A |
| There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure. | ||||
| CVE-2019-5068 | 4 Canonical, Debian, Mesa3d and 1 more | 4 Ubuntu Linux, Debian Linux, Mesa and 1 more | 2024-08-04 | 4.4 Medium |
| An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | ||||
| CVE-2019-3893 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-04 | 4.9 Medium |
| In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. | ||||
| CVE-2019-3866 | 1 Redhat | 3 Openstack, Openstack-mistral, Quay | 2024-08-04 | 5.5 Medium |
| An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. | ||||
| CVE-2019-3425 | 1 Zte | 2 Zxupn-9000e, Zxupn-9000e Firmware | 2024-08-04 | 8.8 High |
| The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. | ||||