Total: 32129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7619 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine whether a username exists in the Elasticsearch native realm. | |||||
CVE-2019-7549 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information. | |||||
CVE-2019-7489 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affects Email Security Appliance version 10.0.2 and earlier. | |||||
CVE-2019-7441 | 1 Woocommerce | 1 Paypal Checkout Payment Gateway | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state. | |||||
CVE-2019-7439 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. | |||||
CVE-2019-7386 | 2 Kaiostech, Nokia | 3 Kaios, 8810 4g, 8810 4g Firmware | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device. | |||||
CVE-2019-7309 | 1 Gnu | 1 Glibc | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | |||||
CVE-2019-7291 | 1 Apple | 1 Airport Base Station Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
CVE-2019-7288 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos. | |||||
CVE-2019-7284 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | |||||
CVE-2019-7283 | 2 Debian, Netkit | 2 Debian Linux, Netkit | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or man-in-the-middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | |||||
CVE-2019-7282 | 3 Debian, Fedoraproject, Netkit | 3 Debian Linux, Fedora, Netkit | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | |||||
CVE-2019-7277 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. | |||||
CVE-2019-7276 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. | |||||
CVE-2019-7247 | 1 Amd | 1 Overdrive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
CVE-2019-7246 | 1 Amd | 1 Atillk64 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
CVE-2019-7222 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | |||||
CVE-2019-7216 | 1 Encodable | 1 Filechucker | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. | |||||
CVE-2019-7176 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | |||||
CVE-2019-7174 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. |
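For CVE-2019-7441 above, the defence the plugin author describes is server-side reconciliation: the `amount_N` parameters in the `cmd=_cart` redirect pass through the buyer's browser and are attacker-controlled, so the order may only be completed when the amount the payment processor actually reports matches the order total the shop recorded itself. The Python below is an added example, not the plugin's code; the order store, the IPN-style field names (`mc_gross`, `mc_currency`, `payment_status`) and the on-hold outcome are assumptions modelled on the description.

```python
from decimal import Decimal, ROUND_HALF_UP, InvalidOperation

CENT = Decimal("0.01")

# Constructed order store: what the shop recorded when the cart was created.
# This, not anything in the redirect URL, is the source of truth for the price.
ORDERS = {
    "1001": {"total": Decimal("49.99"), "currency": "USD", "status": "pending"},
}


def cart_total_from_params(params):
    """Sum amount_N * quantity_N from a cgi-bin/webscr?cmd=_cart parameter set.

    Shown only to make the point that this total is whatever the buyer's
    browser sent; it must never be used to decide whether the order is paid.
    """
    total = Decimal("0")
    n = 1
    while f"amount_{n}" in params:
        qty = Decimal(params.get(f"quantity_{n}", "1"))
        total += Decimal(params[f"amount_{n}"]) * qty
        n += 1
    return total.quantize(CENT, rounding=ROUND_HALF_UP)


def reconcile(order_id, notification):
    """Decide the order state from the processor's payment notification.

    Field names are assumed IPN-style: mc_gross, mc_currency, payment_status.
    Returns (state, reason); anything that does not match exactly goes on hold
    for manual review instead of completing.
    """
    order = ORDERS.get(order_id)
    if order is None:
        return ("on-hold", "unknown order")
    status = notification.get("payment_status")
    if status != "Completed":
        return ("on-hold", f"payment_status {status!r}")
    try:
        # Decimal, not float: "49.99" must compare exactly, cent for cent.
        paid = Decimal(notification["mc_gross"]).quantize(CENT, rounding=ROUND_HALF_UP)
    except (KeyError, InvalidOperation):
        return ("on-hold", "unparsable amount")
    currency = notification.get("mc_currency")
    expected = order["total"].quantize(CENT, rounding=ROUND_HALF_UP)
    # Both amount and currency must match; 49.99 MXN is not 49.99 USD.
    if currency != order["currency"] or paid != expected:
        return ("on-hold", f"paid {paid} {currency}, expected {expected} {order['currency']}")
    order["status"] = "completed"
    return ("completed", "amount and currency match")


if __name__ == "__main__":
    # Tampered redirect: buyer rewrote amount_1 to one cent.
    tampered = {"amount_1": "0.01", "quantity_1": "1", "item_name_1": "Widget"}
    print("browser-side cart total:", cart_total_from_params(tampered))
    # What the processor then reports as actually paid.
    ipn = {"mc_gross": "0.01", "mc_currency": "USD", "payment_status": "Completed"}
    print("reconcile:", reconcile("1001", ipn))
```

The check compares what was paid with what the shop itself stored, so a buyer who lowers `amount_1` simply ends up with an order on hold and a one-cent payment to refund; nothing ships.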
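For CVE-2019-7282 and CVE-2019-7283 above, both bugs come down to the rcp client trusting the name carried in the server's `C<mode> <size> <name>` record. The Python below is an added example, not NetKit's code: it parses constructed records and applies the checks a client needs (reject empty, `.`, `..` and any name containing a path separator; when a single file was requested, require the returned basename to match it, a policy similar in spirit to the client-side filename check OpenSSH later added to scp for CVE-2019-6111). The sample records, the `expected` parameter and the destination directory are assumptions.

```python
import posixpath
import re

# Constructed examples of the records an rcp/scp server sends ahead of each file
# body ("C<mode> <size> <name>"); these are not captured from a real server.
SAMPLE_RECORDS = [
    "C0644 12 notes.txt",   # the file the client actually asked for
    "C0755 40 .",           # CVE-2019-7282: '.' makes the client chmod the target dir
    "C0644 5 ",             # CVE-2019-7282: empty name, same effect
    "C0600 100 .bashrc",    # CVE-2019-7283: server picks an arbitrary file in the dest dir
    "C0644 3 ../x",         # path component aimed outside the destination
]

RECORD_RE = re.compile(r"^C([0-7]{4}) (\d+) (.*)$")


def parse_record(line):
    """Split a 'C' record into (mode, size, name)."""
    m = RECORD_RE.match(line)
    if m is None:
        raise ValueError(f"not a file record: {line!r}")
    return int(m.group(1), 8), int(m.group(2)), m.group(3)


def validate_name(name, expected=None):
    """Accept a server-supplied name only if it is a plain, non-empty component.

    expected: path of the single file the user requested; when given, the
    server must return exactly its basename (assumed policy for this example).
    """
    if name in ("", ".", ".."):
        return False
    if "/" in name or "\\" in name or "\x00" in name:
        return False
    if expected is not None and name != posixpath.basename(expected):
        return False
    return True


def client_target(dest_dir, name, expected=None):
    """Return the local path to write, or None if the record must be refused."""
    if not validate_name(name, expected):
        return None
    target = posixpath.join(dest_dir, name)
    # Defence in depth: the resolved path must sit directly inside dest_dir.
    if posixpath.dirname(posixpath.normpath(target)) != posixpath.normpath(dest_dir):
        return None
    return target


def triage(records, dest_dir, expected=None):
    """Map each record's name to its local target (None when refused)."""
    result = []
    for line in records:
        _mode, _size, name = parse_record(line)
        result.append((name, client_target(dest_dir, name, expected)))
    return result


if __name__ == "__main__":
    for name, target in triage(SAMPLE_RECORDS, "/home/user/dl", expected="remote/notes.txt"):
        print(f"{name!r:14} -> {target}")
```

Note the remaining limitation: for a recursive directory copy there is no single expected name, so a malicious server can still choose any plain filename inside the destination (the `.bashrc` record is accepted when `expected` is omitted). The name checks confine it to that directory, so copy untrusted trees into a fresh, empty directory rather than into `$HOME`.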
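For CVE-2019-7216 above, the bypass works because the filter decides on the extension before it strips `%` from the name, so `file.%ph%p` passes the check and is then stored as `file.php`. The Python below is an added illustration, not FileChucker's code: `vulnerable_accept` is a hypothetical filter built to reproduce that ordering, and `hardened_accept` normalises first and validates the normalised name against an allowlist. The extension sets and name rules are assumptions.

```python
import os
import re

# Assumed policy sets for the example (not FileChucker's own lists).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
BLOCKED_EXTENSIONS = {"php", "phtml", "php3", "php5", "cgi", "pl"}


def vulnerable_accept(filename):
    """Hypothetical filter reproducing the bug class from CVE-2019-7216.

    The extension is checked against a blocklist first, and '%' characters are
    removed afterwards, so 'file.%ph%p' passes the check and is stored as
    'file.php'. Returns the stored name, or None if rejected.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BLOCKED_EXTENSIONS:
        return None
    return filename.replace("%", "")  # normalisation after validation: too late


def hardened_accept(filename):
    """Normalise first, then validate the normalised name against an allowlist.

    Returns the name that would be stored, or None if rejected.
    """
    # 1. Reduce the name to its final path component and drop every character
    #    outside a conservative set, before any decision is made.
    name = os.path.basename(filename.replace("\\", "/"))
    name = re.sub(r"[^A-Za-z0-9._-]", "", name)
    # 2. Require exactly one stem and one extension (no 'shell.php.jpg').
    m = re.fullmatch(r"([A-Za-z0-9_-]{1,64})\.([A-Za-z0-9]{1,8})", name)
    if m is None:
        return None
    stem, ext = m.group(1), m.group(2).lower()
    # 3. Allowlist, never blocklist: anything not explicitly permitted is refused.
    if ext not in ALLOWED_EXTENSIONS:
        return None
    return f"{stem}.{ext}"


if __name__ == "__main__":
    for candidate in ("photo.jpg", "file.%ph%p", "file.php", "shell.php.jpg"):
        print(f"{candidate:16} vulnerable={vulnerable_accept(candidate)!s:10} hardened={hardened_accept(candidate)}")
```

The ordering is the whole point: any transformation the server applies to a name (stripping characters, URL-decoding, case-folding) has to happen before the check, and the check should describe what is allowed rather than what is forbidden.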