Total
32006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16377 | 1 Makandra | 1 Consul | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | |||||
| CVE-2019-16353 | 1 Geautomation | 1 Proficy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | |||||
| CVE-2019-16314 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | |||||
| CVE-2019-16288 | 1 Tenda | 2 N301, N301 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | |||||
| CVE-2019-16287 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges. | |||||
| CVE-2019-16284 | 1 Hp | 204 260 G1 Dm, 260 G1 Dm Firmware, 280 Pro G1 and 201 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. | |||||
| CVE-2019-16273 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. | |||||
| CVE-2019-16257 | 1 Motorola | 2 Motorola, Motorola Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2019-16253 | 1 Samsung | 1 Text-to-speech | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | |||||
| CVE-2019-16251 | 1 Yithemes | 38 Yith Advanced Refund System For Woocommerce, Yith Color And Label Variations For Woocommerce, Yith Custom Thank You Page For Woocommerce and 35 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | |||||
| CVE-2019-16248 | 1 Telegram | 1 Telegram | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message). | |||||
| CVE-2019-16247 | 1 Deltaww | 1 Dcisoft | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. | |||||
| CVE-2019-16245 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OMERO before 5.6.1 makes the details of each user available to all users. | |||||
| CVE-2019-16244 | 1 Openmicroscopy | 1 Omero.server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. | |||||
| CVE-2019-16214 | 1 Libra | 1 Libra Core | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. | |||||
| CVE-2019-16181 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. | |||||
| CVE-2019-16180 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | |||||
| CVE-2019-16176 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | |||||
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | |||||
| CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | |||||