Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3467 | 3 Canonical, Debian, Skolelinux | 4 Ubuntu Linux, Debian-lan-config, Debian Linux and 1 more | 2024-08-04 | 7.8 High |
| Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | ||||
| CVE-2019-2389 | 1 Mongodb | 1 Mongodb | 2024-08-04 | 5.3 Medium |
| Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. | ||||
| CVE-2019-2257 | 1 Qualcomm | 48 Mdm9150, Mdm9150 Firmware, Mdm9607 and 45 more | 2024-08-04 | N/A |
| Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24 | ||||
| CVE-2019-2089 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-116608833 | ||||
| CVE-2019-2023 | 1 Google | 1 Android | 2024-08-04 | N/A |
| In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-121035042Upstream kernel | ||||
| CVE-2019-1457 | 1 Microsoft | 1 Office | 2024-08-04 | 7.8 High |
| A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | ||||
| CVE-2019-1378 | 1 Microsoft | 1 Windows 10 Update Assistant | 2024-08-04 | 7.8 High |
| An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0804 | 2 Microsoft, Redhat | 2 Walinuxagent, Enterprise Linux | 2024-08-04 | N/A |
| An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. | ||||
| CVE-2019-0757 | 4 Apple, Microsoft, Mono-project and 1 more | 11 Macos, .net Core, .net Core Sdk and 8 more | 2024-08-04 | 6.5 Medium |
| A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | ||||
| CVE-2019-0588 | 1 Microsoft | 1 Exchange Server | 2024-08-04 | 6.5 Medium |
| An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. | ||||
| CVE-2019-0341 | 1 Sap | 1 Enable Now | 2024-08-04 | N/A |
| The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application. | ||||
| CVE-2019-0201 | 5 Apache, Debian, Netapp and 2 more | 14 Activemq, Drill, Zookeeper and 11 more | 2024-08-04 | 5.9 Medium |
| An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. | ||||
| CVE-2019-0171 | 1 Intel | 2 Quartus Ii, Quartus Prime | 2024-08-04 | N/A |
| Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-0138 | 1 Intel | 1 Acu Wizard | 2024-08-04 | N/A |
| Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-0086 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-08-04 | N/A |
| Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-36154 | 1 Pearson | 1 Vue Testing System | 2024-08-04 | 7.8 High |
| The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application. | ||||
| CVE-2020-29074 | 3 Debian, Fedoraproject, X11vnc Project | 3 Debian Linux, Fedora, X11vnc | 2024-08-04 | 8.8 High |
| scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | ||||
| CVE-2020-28910 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 9.8 Critical |
| Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | ||||
| CVE-2020-28914 | 1 Katacontainers | 1 Kata-containers | 2024-08-04 | 7.1 High |
| An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. | ||||
| CVE-2020-28909 | 1 Nagios | 1 Fusion | 2024-08-04 | 8.8 High |
| Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo. | ||||