Vulnerabilities (CVE)

Filtered by CWE-269
Total 2619 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1754 1 Cisco 1 Ios Xe 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.
CVE-2019-1588 1 Cisco 2 Nexus 9000, Nx-os 2026-06-17 2.1 LOW 4.4 MEDIUM
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).
CVE-2019-1454 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-06-17 3.6 LOW 5.5 MEDIUM
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
CVE-2019-1405 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more 2026-06-17 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
CVE-2019-1388 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 11 more 2026-06-17 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVE-2019-1215 1 Microsoft 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more 2026-06-17 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
CVE-2019-1177 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-06-17 4.6 MEDIUM 7.0 HIGH
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory.
CVE-2019-1175 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2026-06-17 4.6 MEDIUM 7.0 HIGH
An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory.
CVE-2019-1162 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-06-17 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
CVE-2019-1007 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2026-06-17 4.6 MEDIUM 7.8 HIGH
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests.
CVE-2019-1000 1 Microsoft 1 Azure Active Directory Connect 2026-06-17 3.5 LOW 5.3 MEDIUM
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'.
CVE-2019-19783 4 Canonical, Cyrus, Debian and 1 more 4 Ubuntu Linux, Imap, Debian Linux and 1 more 2026-06-17 3.5 LOW 6.5 MEDIUM
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
CVE-2019-19728 3 Debian, Opensuse, Schedmd 3 Debian Linux, Leap, Slurm 2026-06-17 6.0 MEDIUM 7.5 HIGH
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
CVE-2019-19726 1 Openbsd 1 Openbsd 2026-06-17 7.2 HIGH 7.8 HIGH
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
CVE-2019-19699 1 Centreon 1 Centreon 2026-06-17 9.0 HIGH 7.2 HIGH
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.
CVE-2019-19585 1 Rconfig 1 Rconfig 2026-06-17 4.6 MEDIUM 7.8 HIGH
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
CVE-2019-19544 1 Broadcom 1 Ca Automic Dollar Universe 2026-06-17 7.2 HIGH 7.8 HIGH
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.
CVE-2019-19348 1 Redhat 1 Openshift 2026-06-17 4.4 MEDIUM 7.0 HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
CVE-2019-19346 1 Redhat 1 Openshift 2026-06-17 4.4 MEDIUM 7.0 HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
CVE-2019-19216 1 Bmcsoftware 1 Control-m\/agent 2026-06-17 8.5 HIGH 8.8 HIGH
BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.