Vulnerabilities (CVE)

CWE filter

CWE-269

Filter

305 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1340 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation...
CVE-2019-1341 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.
CVE-2019-15051 1 Softing 3 Uagate 840d Firmware, Uagate Mb Firmware, Uagate Si Firmware 2019-10-15 9.0
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
CVE-2019-3689 1 Linux-nfs 1 Nfs-utils 2019-10-15 10.0
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This...
CVE-2019-1321 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.
CVE-2019-1339 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.
CVE-2019-1378 1 Microsoft 1 Windows 10 Update Assistant 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation...
CVE-2019-1315 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
CVE-2019-1316 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 7.2
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
CVE-2019-1319 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 7.2
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
CVE-2019-1323 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 7.2
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.
CVE-2019-16913 1 Pcprotect 1 Antivirus 2019-10-11 7.2
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program...
CVE-2019-1330 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 4.0
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
CVE-2018-21025 1 Centreon 1 Centreon Vm 2019-10-11 10.0
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
CVE-2019-1336 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 7.2
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.
CVE-2018-19725 1 Adobe 2 Acrobat Dc, Acrobat Reader Dc 2019-10-10 10.0
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-17184 1 Xerox 1 Atlalink Firmware 2019-10-10 7.5
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.
CVE-2019-11280 1 Pivotal Software 1 Pivotal Application Service 2019-10-09 6.5
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to...
CVE-2019-11279 1 Cloudfoundry 1 Uaa Release 2019-10-09 6.5
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and...
CVE-2019-10418 1 Jenkins 1 Kubernetes Pipeline 2019-10-09 6.5
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.