Total
2244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11551 | 1 Code42 | 2 Code42 For Enterprise, Crashplan For Small Business | 2024-11-21 | N/A |
| In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write. | ||||
| CVE-2019-11521 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.1 allows Content Spoofing. | ||||
| CVE-2019-11288 | 1 Pivotal | 2 Tc Runtimes, Tc Server | 2024-11-21 | 7.0 High |
| In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. | ||||
| CVE-2019-11280 | 1 Pivotal Software | 1 Pivotal Application Service | 2024-11-21 | 8.8 High |
| Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. | ||||
| CVE-2019-11270 | 1 Pivotal Software | 3 Application Service, Cloud Foundry Uaa, Operations Manager | 2024-11-21 | 7.5 High |
| Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. | ||||
| CVE-2019-10940 | 1 Siemens | 1 Sinema Server | 2024-11-21 | 9.9 Critical |
| A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-10716 | 1 Verodin | 1 Director | 2024-11-21 | 7.7 High |
| An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. | ||||
| CVE-2019-10676 | 1 Uniqkey | 1 Password Manager | 2024-11-21 | N/A |
| An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html. | ||||
| CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2024-11-21 | N/A |
| Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. | ||||
| CVE-2019-10144 | 1 Redhat | 1 Rkt | 2024-11-21 | 7.7 High |
| rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | ||||
| CVE-2019-1010178 | 1 Modx | 1 Fred | 2024-11-21 | 9.8 Critical |
| Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246. | ||||
| CVE-2019-1010066 | 1 Llnl | 1 Model Specific Registers-safe | 2024-11-21 | N/A |
| Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0. | ||||
| CVE-2019-0735 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0301 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | ||||
| CVE-2018-9853 | 1 Freesshd | 1 Freesshd | 2024-11-21 | N/A |
| Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server. | ||||
| CVE-2018-9425 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 | ||||
| CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | ||||
| CVE-2018-9333 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. | ||||
| CVE-2018-9332 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). | ||||
| CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | ||||