Total: 1411 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14629 | 1 Intel | 1 Data Analytics Acceleration Library | 2024-11-21 | 5.5 Medium |
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 9.8 Critical |
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | ||||
CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | ||||
CVE-2019-13681 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | ||||
CVE-2019-13679 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 3.3 Low |
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | ||||
CVE-2019-13677 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
CVE-2019-13676 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
CVE-2019-13665 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. | ||||
CVE-2019-13535 | 1 Medtronic | 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more | 2024-11-21 | 4.6 Medium |
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | ||||
CVE-2019-13356 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | ||||
CVE-2019-13355 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | ||||
CVE-2019-13321 | 1 Mi | 1 Mi Browser | 2024-11-21 | 8.0 High |
This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP responses to the Captive Portal. A crafted HTML response can cause the Captive Portal to open a browser to a specified location without user interaction. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7467. | ||||
CVE-2019-13208 | 1 Maxx | 1 Waves Maxx Audio | 2024-11-21 | N/A |
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0. | ||||
CVE-2019-13142 | 1 Razer | 1 Surround | 2024-11-21 | N/A |
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege. | ||||
CVE-2019-13069 | 1 Extenua | 1 Silvershield | 2024-11-21 | N/A |
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service. | ||||
CVE-2019-13012 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2024-11-21 | N/A |
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. | ||||
CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. | ||||
CVE-2019-12876 | 1 Zohocorp | 3 Manageengine Admanager Plus, Manageengine Adselfservice Plus, Manageengine Desktop Central | 2024-11-21 | N/A |
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. | ||||
CVE-2019-12808 | 1 Estsoft | 1 Altools | 2024-11-21 | 7.8 High |
ALTOOLS update service 18.1 and earlier versions contain a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges. | ||||
CVE-2019-12777 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2024-11-21 | N/A |
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories. |