Search Results (75086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3693 | 2 Opensuse, Suse | 4 Backports Sle, Leap, Linux Enterprise Server and 1 more | 2024-11-21 | 7.7 High |
| A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | ||||
| CVE-2019-3692 | 2 Opensuse, Suse | 5 Backports Sle, Factory, Leap and 2 more | 2024-11-21 | 7.7 High |
| The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | ||||
| CVE-2019-3691 | 2 Opensuse, Suse | 3 Factory, Munge, Suse Linux Enterprise Server | 2024-11-21 | 7.7 High |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. | ||||
| CVE-2019-3685 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 7.4 High |
| Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary. | ||||
| CVE-2019-3683 | 2 Hp, Suse | 3 Helion Openstack, Keystone-json-assignment, Openstack Cloud | 2024-11-21 | 8.8 High |
| In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations. | ||||
| CVE-2019-3682 | 1 Suse | 1 Caas Platform | 2024-11-21 | 8.4 High |
| The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. | ||||
| CVE-2019-3681 | 2 Opensuse, Suse | 5 Factory, Leap, Osc and 2 more | 2024-11-21 | 7.5 High |
| An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0. | ||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 8 High |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | ||||
| CVE-2019-3661 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | ||||
| CVE-2019-3660 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.4 High |
| Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | ||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 8.8 High |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | ||||
| CVE-2019-3644 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-11-21 | 7.5 High |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | ||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 8.1 High |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | ||||
| CVE-2019-3636 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2024-11-21 | 7.5 High |
| A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | ||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | ||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 7.2 High |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | ||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 8.8 High |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | ||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 8.2 High |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | ||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | ||||