Total
4057 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0566 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2019-0555 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-0386 | 1 Sap | 2 Erp Sales, S4hana Sales | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | |||||
| CVE-2019-0367 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. | |||||
| CVE-2019-0349 | 1 Sap | 1 Advanced Business Application Programming Platform Kernel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check | |||||
| CVE-2019-0325 | 1 Sap | 1 Erp Hcm | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data. | |||||
| CVE-2019-0293 | 1 Sap | 1 Sap Solution Manager System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740). | |||||
| CVE-2019-0280 | 1 Sap | 1 Treasury And Risk Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges. | |||||
| CVE-2019-0279 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0270 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04. | |||||
| CVE-2019-0258 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0257 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0243 | 1 Sap | 1 Bw\/4hana | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0201 | 5 Apache, Debian, Netapp and 2 more | 11 Activemq, Drill, Zookeeper and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. | |||||
| CVE-2018-9548 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. | |||||
| CVE-2018-9457 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | |||||
| CVE-2018-9039 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. | |||||
| CVE-2018-8755 | 1 Nucom | 2 Wr644gacv, Wr644gacv Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | |||||
| CVE-2018-8028 | 1 Apache | 1 Sentry | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table. | |||||
| CVE-2018-8012 | 3 Apache, Debian, Oracle | 3 Zookeeper, Debian Linux, Goldengate Stream Analytics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. | |||||