• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-732

CVE-2019-12042

February 26, 2023 by

Insecure permissions of the section object GlobalPandaDevicesAgentSharedMemory and the event GlobalPandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.

CVE-2019-12102

February 26, 2023 by

** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information.

CVE-2019-11806

February 26, 2023 by

OX App Suite 7.10.1 and earlier has Insecure Permissions.

CVE-2019-11526

February 26, 2023 by

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.

CVE-2019-11528

February 26, 2023 by

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.

CVE-2019-11328

February 26, 2023 by

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing//`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 91
  • Go to page 92
  • Go to page 93
  • Go to page 94
  • Go to page 95
  • Interim pages omitted …
  • Go to page 144
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE