Total
8056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9444 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9424 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092 | |||||
| CVE-2019-9225 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). | |||||
| CVE-2019-9179 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). | |||||
| CVE-2019-9175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5). | |||||
| CVE-2019-9126 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | |||||
| CVE-2019-9103 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. | |||||
| CVE-2019-8730 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes. | |||||
| CVE-2019-8620 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2019-8567 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | |||||
| CVE-2019-7628 | 1 Redhat | 1 Pagure | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.) | |||||
| CVE-2019-7535 | 1 Gurock | 1 Testrail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology. | |||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | |||||
| CVE-2019-7388 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. | |||||
| CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | |||||