CVE-2019-5013

HIGH Year: 2019
CVSS v3 Score
7.1
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-88
View all →

Vulnerability Description

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit.

Related Vulnerabilities

CVE-2019-12264

HIGH
CVSS:7.1(High)

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

CWE-882019

CVE-2024-51532

HIGH
CVSS:7.1(High)

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this...

CWE-882024

CVE-2020-14421

HIGH
CVSS:7.2(High)

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

CWE-882020

CVE-2020-35136

HIGH
CVSS:7.2(High)

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for...

CWE-882020

CVE-2020-5792

HIGH
CVSS:7.2(High)

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of ...

CWE-882020

CVE-2021-34816

HIGH
CVSS:7.2(High)

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.

CWE-882021