Total
2789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19783 | 4 Canonical, Cyrus, Debian and 1 more | 4 Ubuntu Linux, Imap, Debian Linux and 1 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. | |||||
| CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | |||||
| CVE-2019-19726 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | |||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | |||||
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | |||||
| CVE-2019-19544 | 1 Broadcom | 1 Ca Automic Dollar Universe | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. | |||||
| CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | |||||
| CVE-2019-19354 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | |||||
| CVE-2019-19348 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19346 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19345 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
| A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19151 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed. | |||||
| CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | |||||
| CVE-2019-19014 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access. | |||||
| CVE-2019-18916 | 1 Hp | 10 Color Laserjet Pro Mfp M277 B3q10a, Color Laserjet Pro Mfp M277 B3q10a Firmware, Color Laserjet Pro Mfp M277 B3q10v and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | |||||
| CVE-2019-18899 | 2 Apt-cacher-ng Project, Opensuse | 3 Apt-cacher-ng, Backports, Leap | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. | |||||
| CVE-2019-18845 | 1 Patriotmemory | 2 Viper Rgb, Viper Rgb Firmware | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | |||||
| CVE-2019-18823 | 2 Fedoraproject, Wisc | 2 Fedora, Htcondor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) | |||||
| CVE-2019-18822 | 1 Eleveo | 1 Call Recording | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse. | |||||