Total
1971 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12183 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-08-04 | 7.5 High |
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. | ||||
CVE-2019-11888 | 2 Golang, Microsoft | 2 Go, Windows | 2024-08-04 | N/A |
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. | ||||
CVE-2019-11632 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-08-04 | N/A |
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.) | ||||
CVE-2019-11553 | 1 Code42 | 1 Code42 | 2024-08-04 | N/A |
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves. | ||||
CVE-2019-11551 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2024-08-04 | N/A |
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write. | ||||
CVE-2019-11521 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-04 | N/A |
OX App Suite 7.10.1 allows Content Spoofing. | ||||
CVE-2019-10940 | 1 Siemens | 1 Sinema Server | 2024-08-04 | 9.9 Critical |
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
CVE-2019-10716 | 1 Verodin | 1 Director | 2024-08-04 | 7.7 High |
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. | ||||
CVE-2019-10676 | 1 Uniqkey | 1 Password Manager | 2024-08-04 | N/A |
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html. | ||||
CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2024-08-04 | N/A |
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. | ||||
CVE-2019-10144 | 1 Redhat | 1 Rkt | 2024-08-04 | 7.7 High |
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | ||||
CVE-2019-9971 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2024-08-04 | 8.8 High |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. | ||||
CVE-2019-9745 | 1 Cloudcti | 1 Hip Integrator Recognition Configuration Tool | 2024-08-04 | 7.8 High |
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user. | ||||
CVE-2019-9624 | 1 Webmin | 1 Webmin | 2024-08-04 | N/A |
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. | ||||
CVE-2019-9443 | 1 Google | 1 Android | 2024-08-04 | 6.7 Medium |
In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2019-7479 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-08-04 | 7.2 High |
A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
CVE-2019-7278 | 1 Optergy | 2 Enterprise, Proton | 2024-08-04 | N/A |
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. | ||||
CVE-2019-7319 | 1 Cloudera | 1 Cdh | 2024-08-04 | 8.3 High |
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges. | ||||
CVE-2019-7155 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group. | ||||
CVE-2019-6996 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. |