Total
1411 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-19736 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 6.1 Medium |
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | ||||
CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2024-11-21 | 5.5 Medium |
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | ||||
CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | ||||
CVE-2019-19455 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.8 High |
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and executing them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-11-21 | 7.8 High |
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | ||||
CVE-2019-19363 | 1 Ricoh | 8 Generic Pcl5 Driver, Pc Fax Generic Driver, Pcl6 (pcl Xl) Driver and 5 more | 2024-11-21 | 7.8 High |
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC FAX Generic Driver - All versions; Generic PCL5 Driver - All versions; RPCS Driver - All versions; PostScript3 Driver - All versions; PCL6 (PCL XL) Driver - All versions; RPCS Raster Driver - All version | ||||
CVE-2019-19341 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.5 Medium |
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. | ||||
CVE-2019-19335 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 Medium |
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | ||||
CVE-2019-19315 | 1 Nalpeiron | 1 Licensing Service | 2024-11-21 | 7.1 High |
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. | ||||
CVE-2019-19263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | ||||
CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | ||||
CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m/agent | 2024-11-21 | 7.5 High |
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | ||||
CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2024-11-21 | 7.8 High |
IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | ||||
CVE-2019-19087 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | ||||
CVE-2019-19086 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | ||||
CVE-2019-18958 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed. | ||||
CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2024-11-21 | 7.8 High |
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | ||||
CVE-2019-18856 | 1 Drupal | 1 Svg Sanitizer | 2024-11-21 | 7.5 High |
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | ||||
CVE-2019-18577 | 1 Dell | 1 Xtremio Management Server | 2024-11-21 | 6.7 Medium |
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | ||||
CVE-2019-18463 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). |