Total
1965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2024-08-05 | 7.5 High |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | ||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2024-08-05 | 7.2 High |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | ||||
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 7.8 High |
| An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | ||||
| CVE-2019-19544 | 1 Broadcom | 1 Ca Automic Dollar Universe | 2024-08-05 | 7.8 High |
| CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. | ||||
| CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-08-05 | 7 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | ||||
| CVE-2019-19354 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2024-08-05 | 7.8 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
| CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-08-05 | 7 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | ||||
| CVE-2019-19345 | 1 Redhat | 1 Openshift | 2024-08-05 | 7 High |
| A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
| CVE-2019-19346 | 1 Redhat | 1 Openshift | 2024-08-05 | 7 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
| CVE-2019-19348 | 1 Redhat | 1 Openshift | 2024-08-05 | 7 High |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-08-05 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | ||||
| CVE-2019-19151 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-08-05 | 5.5 Medium |
| On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed. | ||||
| CVE-2019-19014 | 1 Titanhq | 1 Webtitan | 2024-08-05 | 7.8 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access. | ||||
| CVE-2019-18916 | 1 Hp | 10 Color Laserjet Pro Mfp M277 B3q10a, Color Laserjet Pro Mfp M277 B3q10a Firmware, Color Laserjet Pro Mfp M277 B3q10v and 7 more | 2024-08-05 | 7.8 High |
| A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | ||||
| CVE-2019-18845 | 1 Patriotmemory | 2 Viper Rgb, Viper Rgb Firmware | 2024-08-05 | 7.1 High |
| The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | ||||
| CVE-2019-18822 | 1 Eleveo | 1 Call Recording | 2024-08-05 | 8.8 High |
| A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse. | ||||
| CVE-2019-18623 | 1 Energycap | 1 Energycap | 2024-08-05 | 9.8 Critical |
| Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. | ||||
| CVE-2019-18365 | 1 Jetbrains | 1 Teamcity | 2024-08-05 | 4.3 Medium |
| In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | ||||
| CVE-2019-18425 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. | ||||
| CVE-2019-17631 | 2 Eclipse, Redhat | 9 Openj9, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2024-08-05 | 9.1 Critical |
| From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | ||||