Export limit exceeded: 76020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5607 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 High |
| In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail. | ||||
| CVE-2019-5606 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 High |
| In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail. | ||||
| CVE-2019-5603 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 High |
| In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. | ||||
| CVE-2019-5543 | 2 Microsoft, Vmware | 4 Windows, Horizon Client, Remote Console and 1 more | 2024-11-21 | 7.8 High |
| For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. | ||||
| CVE-2019-5542 | 1 Vmware | 2 Fusion, Workstation | 2024-11-21 | 7.7 High |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. | ||||
| CVE-2019-5540 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | 7.7 High |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process. | ||||
| CVE-2019-5539 | 2 Microsoft, Vmware | 3 Windows, Horizon View Agent, Workstation | 2024-11-21 | 7.8 High |
| VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed. | ||||
| CVE-2019-5534 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-5532 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-5527 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2024-11-21 | 8.8 High |
| ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | ||||
| CVE-2019-5508 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 7.5 High |
| Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | ||||
| CVE-2019-5500 | 1 Netapp | 14 Aff A200, Aff A200 Firmware, Aff A220 and 11 more | 2024-11-21 | 7.5 High |
| Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). | ||||
| CVE-2019-5486 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. | ||||
| CVE-2019-5484 | 1 Bower | 1 Bower | 2024-11-21 | 7.5 High |
| Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | ||||
| CVE-2019-5479 | 1 Larvit | 1 Larvitbase | 2024-11-21 | 7.5 High |
| An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | ||||
| CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.2 High |
| An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | ||||
| CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. | ||||
| CVE-2019-5470 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | ||||
| CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | ||||
| CVE-2019-5462 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | ||||