Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2019-5443
HistoryJul 02, 2019 - 6:31 p.m.

CVE-2019-5443

2019-07-0218:31:23
CWE-94
hackerone
www.cve.org
2

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl “engine”) on invocation. If that curl is invoked by a privileged user it can do anything it wants.

CNA Affected

[
  {
    "product": "curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "<= 7.65.1"
      }
    ]
  }
]

Related

cve 1
hackerone 3
symantec 1
ibm 2
osv 1
redhatcve 1
prion 1
nvd 1
ubuntucve 1
debiancve 1
nessus 4
openvas 2
cloudfoundry 1
freebsd 1
photon 2
oracle 3
ics 1
cve
cve
CVE-2019-5443
2019-07-02 19:15:10
hackerone
hackerone
curl: Windows Privilege Escalation: Malicious OpenSSL Engine
2019-06-12 02:21:14
curl: curl on Windows can be forced to execute code via OpenSSL environment variables
2019-10-14 23:02:51
Internet Bug Bounty: Windows builds with insecure path defaults (CVE-2019-1552)
2019-08-28 00:18:59
symantec
symantec
curl CVE-2019-5443 Local Code Injection Vulnerability
2019-06-24 00:00:00
ibm
ibm
Security Bulletin: Curl vulnerabilities CVE-2019-5443 impacts IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Client, IBM Aspera Desktop Client 3.9.1 and earlier
2020-07-17 00:46:14
Security Bulletin: cURL vulnerability CVE-2019-5443 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
2020-12-08 18:23:44
osv
osv
CVE-2019-5443
2019-07-02 19:15:10
redhatcve
redhatcve
CVE-2019-5443
2019-11-13 16:37:26
prion
prion
Code injection
2019-07-02 19:15:00
nvd
nvd
CVE-2019-5443
2019-07-02 19:15:10
ubuntucve
ubuntucve
CVE-2019-5443
2019-07-02 00:00:00
debiancve
debiancve
CVE-2019-5443
2019-07-02 19:15:10
nessus
nessus
Oracle Enterprise Manager Ops Center (Oct 2019 CPU)
2020-01-17 00:00:00
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
openvas
openvas
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Linux
2019-10-23 00:00:00
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
cloudfoundry
cloudfoundry
MySQL Security Updates - Oct 2019 | Cloud Foundry
2020-01-27 00:00:00
freebsd
freebsd
MySQL -- Multiple vulerabilities
2019-10-15 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON
Related for CVELIST:CVE-2019-5443
cve1hackerone3symantec1ibm2osv1redhatcve1prion1nvd1ubuntucve1debiancve1nessus4openvas2cloudfoundry1freebsd1photon2oracle3ics1