Total
10289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8515 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-8507 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination. | |||||
| CVE-2019-8503 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | |||||
| CVE-2019-8502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. | |||||
| CVE-2019-7959 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7899 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2019-7898 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | |||||
| CVE-2019-7885 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | |||||
| CVE-2019-7843 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-7617 | 1 Elastic | 1 Apm Agent | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
| When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. | |||||
| CVE-2019-7589 | 1 Johnsoncontrols | 1 Entrapass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. | |||||
| CVE-2019-7443 | 4 Fedoraproject, Kde, Opensuse and 1 more | 5 Fedora, Kauth, Backports and 2 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. | |||||
| CVE-2019-7412 | 1 Ps Phpcaptcha Wp Project | 1 Ps Phpcaptcha Wp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | |||||
| CVE-2019-7292 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
| CVE-2019-7178 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | |||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | |||||
| CVE-2019-6690 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | |||||
| CVE-2019-6663 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | |||||
| CVE-2019-6654 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | |||||
| CVE-2019-6555 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code. | |||||