Total: 2001 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14220 | 3 Apple, Bluestacks, Microsoft | 3 Macos, Bluestacks, Windows | 2024-08-05 | 6.5 Medium |
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or macOS. The bug is a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and, if given a file name as a parameter, returns the content of that file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read. | ||||
CVE-2019-13738 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 6.5 Medium |
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
CVE-2019-13702 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 7.8 High |
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | ||||
CVE-2019-13705 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 4.3 Medium |
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||||
CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2024-08-04 | 9.6 Critical |
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
CVE-2019-12889 | 1 Sailpoint | 1 Desktop Password Reset | 2024-08-04 | N/A |
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell. | ||||
CVE-2019-12794 | 1 Misp | 1 Misp | 2024-08-04 | N/A |
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this. | ||||
CVE-2019-12775 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2024-08-04 | N/A |
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.) | ||||
CVE-2019-12731 | 2 Microsoft, Mikogo | 2 Windows, Mikogo | 2024-08-04 | N/A |
The Windows versions of Snapview Mikogo before 5.10.2 are affected by insecure implementations that allow local attackers to escalate privileges. | ||||
CVE-2019-12618 | 1 Hashicorp | 1 Nomad | 2024-08-04 | N/A |
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | ||||
CVE-2019-12522 | 1 Squid-cache | 1 Squid | 2024-08-04 | 4.5 Medium |
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. | ||||
CVE-2019-12176 | 1 Htc | 1 Viveport | 2024-08-04 | N/A |
Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service. | ||||
CVE-2019-12183 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-08-04 | 7.5 High |
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. | ||||
CVE-2019-11888 | 2 Golang, Microsoft | 2 Go, Windows | 2024-08-04 | N/A |
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. | ||||
CVE-2019-11632 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-08-04 | N/A |
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.) | ||||
CVE-2019-11553 | 1 Code42 | 1 Code42 | 2024-08-04 | N/A |
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves. | ||||
CVE-2019-11551 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2024-08-04 | N/A |
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write. | ||||
CVE-2019-11521 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-04 | N/A |
OX App Suite 7.10.1 allows Content Spoofing. | ||||
CVE-2019-10940 | 1 Siemens | 1 Sinema Server | 2024-08-04 | 9.9 Critical |
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
CVE-2019-10716 | 1 Verodin | 1 Director | 2024-08-04 | 7.7 High |
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. |