Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19741 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. | ||||
| CVE-2019-19739 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.5 High |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | ||||
| CVE-2019-19737 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | ||||
| CVE-2019-19734 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||
| CVE-2019-19732 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.2 High |
| translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||
| CVE-2019-19731 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 7.5 High |
| Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded). | ||||
| CVE-2019-19729 | 1 Bson-objectid Project | 1 Bson-objectid | 2024-11-21 | 7.5 High |
| An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. | ||||
| CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2024-11-21 | 7.5 High |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | ||||
| CVE-2019-19726 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
| OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | ||||
| CVE-2019-19724 | 1 Sylabs | 1 Singularity | 2024-11-21 | 7.5 High |
| Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. | ||||
| CVE-2019-19721 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.8 High |
| An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | ||||
| CVE-2019-19720 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 8.8 High |
| Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | ||||
| CVE-2019-19707 | 1 Moxa | 6 Eds-g508e, Eds-g508e Firmware, Eds-g512e and 3 more | 2024-11-21 | 7.5 High |
| On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | ||||
| CVE-2019-19704 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 7.5 High |
| In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. | ||||
| CVE-2019-19702 | 1 Modoboa | 1 Modoboa-dmarc | 2024-11-21 | 7.5 High |
| The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain. | ||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.2 High |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | ||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 7.5 High |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | ||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.1 High |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2019-19689 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 7.8 High |
| Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | ||||
| CVE-2019-19688 | 1 Trendmicro | 1 Housecall For Home Networks | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. | ||||