Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | |||||
| CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | |||||
| CVE-2019-19455 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | |||||
| CVE-2019-19363 | 1 Ricoh | 8 Generic Pcl5 Driver, Pc Fax Generic Driver, Pcl6 \(pcl Xl\) Driver and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version | |||||
| CVE-2019-19341 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. | |||||
| CVE-2019-19335 | 1 Redhat | 1 Openshift | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | |||||
| CVE-2019-19315 | 1 Nalpeiron | 1 Licensing Service | 2024-11-21 | 6.9 MEDIUM | 7.1 HIGH |
| NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. | |||||
| CVE-2019-19263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | |||||
| CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | |||||
| CVE-2019-19087 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2019-19086 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | |||||
| CVE-2019-18958 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed. | |||||
| CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | |||||
| CVE-2019-18856 | 1 Drupal | 1 Svg Sanitizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | |||||
| CVE-2019-18577 | 1 Dell | 1 Xtremio Management Server | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | |||||
| CVE-2019-18463 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | |||||
| CVE-2019-18462 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. | |||||