Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6685 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | 7.8 High |
| On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. | ||||
| CVE-2019-6668 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-04 | 5.5 Medium |
| The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root. | ||||
| CVE-2019-6617 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | 6.5 Medium |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. | ||||
| CVE-2019-6525 | 1 Aveva | 1 Wonderware System Platform | 2024-08-04 | 8.8 High |
| AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. | ||||
| CVE-2019-6287 | 1 Suse | 1 Rancher | 2024-08-04 | N/A |
| In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | ||||
| CVE-2019-5768 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-08-04 | N/A |
| DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | ||||
| CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 8.8 High |
| An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | ||||
| CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 7.5 High |
| An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. | ||||
| CVE-2019-5415 | 1 Zeit | 1 Serve | 2024-08-04 | 7.5 High |
| A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. | ||||
| CVE-2019-5259 | 1 Huawei | 24 Ar120-s, Ar120-s Firmware, Ar1200 and 21 more | 2024-08-04 | 6.5 Medium |
| There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition. | ||||
| CVE-2019-5250 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2024-08-04 | 7.8 High |
| Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. | ||||
| CVE-2019-3990 | 1 Linuxfoundation | 1 Harbor | 2024-08-04 | 4.3 Medium |
| A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality. | ||||
| CVE-2019-3849 | 1 Moodle | 1 Moodle | 2024-08-04 | 8.8 High |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | ||||
| CVE-2019-3843 | 5 Canonical, Fedoraproject, Netapp and 2 more | 9 Ubuntu Linux, Fedora, Cn1610 and 6 more | 2024-08-04 | 7.8 High |
| It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | ||||
| CVE-2019-3805 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd and 3 more | 2024-08-04 | 4.7 Medium |
| A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. | ||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | ||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 8.8 High |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | ||||
| CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-08-04 | 7.8 High |
| A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-3466 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2024-08-04 | 7.8 High |
| The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | ||||
| CVE-2019-2225 | 1 Google | 1 Android | 2024-08-04 | 8.8 High |
| When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804 | ||||