Vulnerabilities (CVE)

CWE filter

CWE-264

Filter

7323 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19937 2019-04-18 4.6
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
CVE-2019-5674 2019-04-18 6.9
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead...
CVE-2019-5670 1 Nvidia 1 Gpu Driver 2019-04-18 7.2
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes...
CVE-2019-5669 1 Nvidia 1 Gpu Driver 2019-04-18 7.2
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes...
CVE-2019-5665 1 Nvidia 1 Gpu Driver 2019-04-18 7.2
NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or...
CVE-2019-5490 1 Netapp 1 Service Processor 2019-04-18 10.0
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact...
CVE-2019-0121 1 Intel 1 Matrix Storage Manager 2019-04-18 4.6
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-18435 1 Kioware 1 Kioware Server 2019-04-18 7.2
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs...
CVE-2019-6579 1 Siemens 1 Spectrum Power 4 2019-04-18 7.5
A vulnerability has been identified in Spectrum Power? 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security...
CVE-2019-9499 1 W1.fi 2 Hostapd, Wpa Supplicant 2019-04-18 6.8
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete...
CVE-2019-9498 1 W1.fi 2 Hostapd, Wpa Supplicant 2019-04-18 6.8
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid...
CVE-2018-12989 2019-04-18 7.2
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
CVE-2018-4007 1 Shimovpn 1 Shimo Vpn 2019-04-18 6.6
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine...
CVE-2019-0158 1 Intel 1 Graphics Performance Analyzer 2019-04-18 4.6
Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-5766 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 4.3
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-18094 1 Intel 1 Media Sdk 2019-04-18 4.6
Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-5779 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 4.3
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2018-19966 1 Debian 1 Debian Linux 2019-04-17 7.2
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow...
CVE-2018-19962 3 Xen, Citrix, Debian 3 Xen, Xenserver, Debian Linux 2019-04-17 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVE-2018-19961 3 Xen, Citrix, Debian 3 Xen, Xenserver, Debian Linux 2019-04-17 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.