Total
32127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4103 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094. | |||||
| CVE-2019-4101 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091. | |||||
| CVE-2019-4088 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. | |||||
| CVE-2019-4084 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. | |||||
| CVE-2019-4066 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011. | |||||
| CVE-2019-4057 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. | |||||
| CVE-2019-4055 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. | |||||
| CVE-2019-4054 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. | |||||
| CVE-2019-4052 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. | |||||
| CVE-2019-4045 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | |||||
| CVE-2019-4039 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163. | |||||
| CVE-2019-4036 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. | |||||
| CVE-2019-4034 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. | |||||
| CVE-2019-4031 | 1 Ibm | 1 Tivoli Workload Scheduler | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997. | |||||
| CVE-2019-3974 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | |||||
| CVE-2019-3971 | 1 Comodo | 1 Antivirus | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. This results in CmdVirth.exe and its child svchost.exe instances to terminate. | |||||
| CVE-2019-3969 | 1 Comodo | 1 Antivirus | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges. | |||||
| CVE-2019-3936 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | |||||
| CVE-2019-3910 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. | |||||
| CVE-2019-3894 | 1 Redhat | 2 Jboss Enterprise Application Platform, Wildfly | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. | |||||