CVE-2019-5011

HIGH Year: 2019
CVSS v3 Score
7.1
High
CVSS v2 Score
6.6
Medium
Weakness Type
CWE-459
View all →

Vulnerability Description

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Related Vulnerabilities

CVE-2021-47110

HIGH
CVSS:7.1(High)

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens f...

CWE-4592021

CVE-2022-42320

HIGH
CVSS:7.0(High)

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights contain...

CWE-4592022

CVE-2024-20303

HIGH
CVSS:7.4(High)

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service ...

CWE-4592024

CVE-2002-2066

HIGH
CVSS:7.5(High)

BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information tha...

CWE-4592002

CVE-2002-2067

HIGH
CVSS:7.5(High)

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be dele...

CWE-4592002

CVE-2002-2068

HIGH
CVSS:7.5(High)

Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CWE-4592002