Filtered by vendor
Subscriptions
Total
1411 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11155 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more | 2024-11-21 | 7.1 High |
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | ||||
CVE-2019-11154 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more | 2024-11-21 | 7.1 High |
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | ||||
CVE-2019-11121 | 2 Intel, Microsoft | 2 Media Sdk, Windows | 2024-11-21 | 7.8 High |
Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-10710 | 1 Hisilicon | 2 Hi3510, Hi3510 Firmware | 2024-11-21 | N/A |
Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc. | ||||
CVE-2019-10132 | 2 Fedoraproject, Redhat | 4 Fedora, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | N/A |
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. | ||||
CVE-2019-10116 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. | ||||
CVE-2019-10115 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. | ||||
CVE-2019-10110 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials. | ||||
CVE-2019-10084 | 1 Apache | 1 Impala | 2024-11-21 | 7.5 High |
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. | ||||
CVE-2019-1010101 | 1 Akeo | 1 Rufus | 2024-11-21 | N/A |
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379. | ||||
CVE-2019-1010009 | 1 Dglogik | 1 Dglux Server | 2024-11-21 | N/A |
DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server. | ||||
CVE-2019-0804 | 2 Microsoft, Redhat | 2 Walinuxagent, Enterprise Linux | 2024-11-21 | N/A |
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. | ||||
CVE-2019-0757 | 4 Apple, Microsoft, Mono-project and 1 more | 11 Macos, .net Core, .net Core Sdk and 8 more | 2024-11-21 | 6.5 Medium |
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | ||||
CVE-2019-0588 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. | ||||
CVE-2019-0341 | 1 Sap | 1 Enable Now | 2024-11-21 | N/A |
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application. | ||||
CVE-2019-0201 | 5 Apache, Debian, Netapp and 2 more | 14 Activemq, Drill, Zookeeper and 11 more | 2024-11-21 | 5.9 Medium |
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. | ||||
CVE-2019-0171 | 1 Intel | 2 Quartus Ii, Quartus Prime | 2024-11-21 | N/A |
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-0138 | 1 Intel | 1 Acu Wizard | 2024-11-21 | N/A |
Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-0111 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A |
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2019-0108 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A |
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. |