Total
2044 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18899 | 2 Apt-cacher-ng Project, Opensuse | 3 Apt-cacher-ng, Backports, Leap | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. | |||||
| CVE-2019-18845 | 1 Patriotmemory | 2 Viper Rgb, Viper Rgb Firmware | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | |||||
| CVE-2019-18822 | 1 Eleveo | 1 Call Recording | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse. | |||||
| CVE-2019-18623 | 1 Energycap | 1 Energycap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. | |||||
| CVE-2019-18425 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. | |||||
| CVE-2019-18365 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | |||||
| CVE-2019-17631 | 2 Eclipse, Redhat | 7 Openj9, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | |||||
| CVE-2019-17202 | 1 Fasttracksoftware | 1 Admin By Request | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. | |||||
| CVE-2019-17066 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | |||||
| CVE-2019-16897 | 1 K7computing | 3 K7 Antivirus Premium, K7 Total Security, K7 Ultimate Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. | |||||
| CVE-2019-16777 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 6 Fedora, Npm, Leap and 3 more | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH |
| Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | |||||
| CVE-2019-16519 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Endpoint Security | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. | |||||
| CVE-2019-16202 | 1 Misp | 1 Misp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. | |||||
| CVE-2019-16071 | 1 Netsas | 1 Enigma Nms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. | |||||
| CVE-2019-15901 | 2 Doas Project, Linux | 2 Doas, Linux Kernel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids. | |||||
| CVE-2019-15799 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | |||||
| CVE-2019-15790 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3. | |||||
| CVE-2019-15747 | 1 Sitos | 1 Sitos Six | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. | |||||
| CVE-2019-15720 | 1 Cloudberrylab | 1 Backup | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. | |||||
| CVE-2019-15332 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||