Export limit exceeded: 74609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14666 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.8 High |
| GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. | ||||
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | ||||
| CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
| Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | ||||
| CVE-2019-14613 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 7.8 High |
| Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14610 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-11-21 | 7.8 High |
| Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14608 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-11-21 | 7.8 High |
| Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14605 | 1 Intel | 1 Setup And Configuration Software Platform Discovery Utility | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. | ||||
| CVE-2019-14603 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14601 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2024-11-21 | 7.8 High |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14586 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 8.0 High |
| Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | ||||
| CVE-2019-14584 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-11-21 | 7.8 High |
| Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14575 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 7.8 High |
| Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14570 | 1 Intel | 10 Nuc 8 Mainstream Game Kit, Nuc 8 Mainstream Game Kit Firmware, Nuc 8 Mainstream Game Mini Computer and 7 more | 2024-11-21 | 7.8 High |
| Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-14569 | 1 Intel | 10 Nuc 8 Mainstream Game Kit, Nuc 8 Mainstream Game Kit Firmware, Nuc 8 Mainstream Game Mini Computer and 7 more | 2024-11-21 | 7.8 High |
| Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-14568 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 7.8 High |
| Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14566 | 3 Intel, Linux, Microsoft | 3 Software Guard Extensions Sdk, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | ||||
| CVE-2019-14565 | 3 Intel, Linux, Microsoft | 3 Software Guard Extensions Sdk, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | ||||
| CVE-2019-14563 | 3 Debian, Redhat, Tianocore | 3 Debian Linux, Enterprise Linux, Edk2 | 2024-11-21 | 7.8 High |
| Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||