Total: 33585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9945 | 1 Softnas | 1 Cloud | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The default NGINX configuration file checks whether a user cookie is set; if it is not, the user is redirected to the login page. Because only the presence of the cookie is checked, an arbitrary value can be supplied for it to reach the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. | |||||
| CVE-2019-9944 | 1 Openmicroscopy | 1 Omero.server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. | |||||
| CVE-2019-9942 | 2 Debian, Symfony | 2 Debian Linux, Twig | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | |||||
| CVE-2019-9939 | 1 Ushareit | 1 Shareit | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network, or joining the public "open" Wi-Fi hotspots the application creates when a file transfer is initiated) to bypass authentication by requesting a non-existent page. When the non-existent page is requested, the application responds with a 200 status code and an empty page, and adds the requesting client device to its list of recognized devices. | |||||
| CVE-2019-9931 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. | |||||
| CVE-2019-9927 | 1 Caret | 1 Caret | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Caret before 2019-02-22 allows Remote Code Execution. | |||||
| CVE-2019-9920 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | |||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | |||||
| CVE-2019-9893 | 1 Libseccomp Project | 1 Libseccomp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might allow seccomp filters to be bypassed and potentially lead to privilege escalation. | |||||
| CVE-2019-9890 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-9864 | 1 Amazon Affiliate Store Project | 1 Amazon Affiliate Store | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. | |||||
| CVE-2019-9849 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. Prior to version 6.2.5, bullet graphics were omitted from this protection. This issue affects Document Foundation LibreOffice versions prior to 6.2.5. | |||||
| CVE-2019-9835 | 1 Fujitsu | 4 Gk900, Gk900 Firmware, Lx901 and 1 more | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL |
| The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | |||||
| CVE-2019-9833 | 1 Screen Stream Project | 1 Screen Stream | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | |||||
| CVE-2019-9832 | 1 Airdrop Project | 1 Airdrop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | |||||
| CVE-2019-9831 | 1 Airmore | 1 Airmore | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | |||||
| CVE-2019-9733 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out of the Artifactory console. This is only allowed for connections made directly from localhost, but supplying an X-Forwarded-For HTTP header with the request lets an unauthenticated user log in with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users, including the admin account, and in turn assume full control of all artifacts and repositories managed by Artifactory. | |||||
| CVE-2019-9732 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | |||||
| CVE-2019-9730 | 1 Synaptics | 1 Sound Device | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API. | |||||
| CVE-2019-9708 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out of the system. | |||||
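
The CVE-2019-9945 entry above describes a front-end check that only tests whether a session cookie is set, so any value passes. The following is an added example (not SoftNAS's code or configuration) contrasting that presence-only check with a cookie that is actually validated: a signed, expiring token checked with an HMAC. The cookie name `session`, the secret key and the token layout are assumptions for the demo; the advisory does not name the real cookie.

```python
import base64
import hashlib
import hmac
import time

# Assumption for this example: a server-side secret that never leaves the server.
SECRET_KEY = b"constructed-example-key-do-not-reuse"
COOKIE_NAME = "session"  # assumed cookie name; the advisory does not give SoftNAS's


def presence_check_authenticated(cookies: dict) -> bool:
    """The weak pattern: any non-empty cookie counts as a logged-in user.
    This is what an 'is the cookie set?' test in a front-end config amounts to."""
    return bool(cookies.get(COOKIE_NAME))


def issue_session(user: str, now: int, ttl: int = 3600) -> str:
    """Mint a cookie value of the form base64(user:expiry).hex(HMAC-SHA256)."""
    payload = f"{user}:{now + ttl}".encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_session(cookie_value: str, now: int):
    """Return the user name if the cookie was minted by us and is unexpired,
    else None. Parse failures and bad tags are all treated as 'no session'."""
    try:
        payload_b64, tag = cookie_value.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64.encode())
        expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        user, expiry = payload.decode().rsplit(":", 1)
        if now >= int(expiry):
            return None
        return user
    except (ValueError, TypeError):
        return None


def validated_check_authenticated(cookies: dict, now: int) -> bool:
    """The hardened pattern: the cookie is evidence only if it verifies."""
    return verify_session(cookies.get(COOKIE_NAME, ""), now) is not None


if __name__ == "__main__":
    now = int(time.time())
    forged = {COOKIE_NAME: "anything-at-all"}          # constructed attacker cookie
    print("presence check, forged cookie :", presence_check_authenticated(forged))        # True: bypass
    print("validated check, forged cookie:", validated_check_authenticated(forged, now))  # False
    real = {COOKIE_NAME: issue_session("admin", now)}
    print("validated check, real cookie  :", validated_check_authenticated(real, now))    # True
```

The point of the hardened version is that the server decides what a valid cookie looks like; the client can only replay something the server issued, and only until it expires. Whether the check lives in the reverse proxy or the application, it has to verify the value, not merely its presence.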
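
The CVE-2019-9893 entry above concerns 64-bit argument comparisons in generated seccomp filters. Classic BPF compares 32-bit words, so a 64-bit syscall argument has to be checked as a high word and a low word, and the split is easy to get wrong. The added example below (not libseccomp's code) shows the correct two-word comparison next to two constructed broken splits, and a checker that finds the inputs where each split disagrees with a native 64-bit comparison. The broken variants illustrate how a split can fail; they are not a claim about libseccomp's exact pre-2.4.0 code path, and the sample arguments are constructed.

```python
import operator

MASK32 = 0xFFFF_FFFF
MASK64 = (1 << 64) - 1
OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt, "ge": operator.ge}


def cmp64_native(arg: int, op: str, target: int) -> bool:
    """Ground truth: what a rule author means by 'arg OP target' on an unsigned 64-bit argument."""
    return OPS[op](arg & MASK64, target & MASK64)


def split_words(value: int):
    """High and low 32-bit words, the only units a classic BPF program can compare."""
    return (value >> 32) & MASK32, value & MASK32


def cmp64_split_correct(arg: int, op: str, target: int) -> bool:
    """Correct two-word comparison: unequal high words settle the answer by
    themselves (for lt/le/gt/ge alike); only when the high words are equal do
    the low words decide, using the same unsigned operator."""
    ah, al = split_words(arg)
    th, tl = split_words(target)
    if ah != th:
        return OPS[op](ah, th)
    return OPS[op](al, tl)


def cmp64_low_word_only(arg: int, op: str, target: int) -> bool:
    """Broken split, constructed for illustration: the high word is never examined."""
    return OPS[op](arg & MASK32, target & MASK32)


def cmp64_words_anded(arg: int, op: str, target: int) -> bool:
    """Another broken split, also illustrative: apply the operator to each word
    separately and require both to hold."""
    ah, al = split_words(arg)
    th, tl = split_words(target)
    return OPS[op](ah, th) and OPS[op](al, tl)


# Constructed sample arguments around the 32-bit boundary, where splits go wrong.
SAMPLES = [0, 1, 0xFFFF_FFFF, 0x1_0000_0000, 0x1_FFFF_FFFF, 0x1234_5678_9ABC_DEF0, MASK64]


def find_mismatches(checker):
    """Every (arg, op, target) over SAMPLES where `checker` disagrees with the native comparison."""
    return [(a, op, t) for a in SAMPLES for op in OPS for t in SAMPLES
            if checker(a, op, t) != cmp64_native(a, op, t)]


if __name__ == "__main__":
    # A rule meaning "match if arg0 > 0xFFFFFFFF": the value 0x1_0000_0000 must match.
    arg, target = 0x1_0000_0000, 0xFFFF_FFFF
    print("correct split:", cmp64_split_correct(arg, "gt", target))   # True
    print("low word only:", cmp64_low_word_only(arg, "gt", target))   # False: filter bypassed
    print("words AND-ed :", cmp64_words_anded(arg, "gt", target))     # False: filter bypassed
    print("mismatches in correct split:", len(find_mismatches(cmp64_split_correct)))  # 0
```

The practical takeaway for anyone hand-writing or auditing BPF filters is that a relational test on a 64-bit argument needs three branches (high word greater, high word less, high words equal then low word), and the `find_mismatches` loop is a cheap way to regression-test a generator against values straddling the 32-bit boundary.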
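
The CVE-2019-9733 entry above is the classic failure of letting a client-controlled X-Forwarded-For header stand in for the connection's real source address when a feature is meant to be reachable only from localhost. The added example below (not Artifactory's code) shows the broken gate, the hardened localhost-only gate that looks solely at the socket peer, and a general `client_ip` helper for the allowlist case that honours X-Forwarded-For only behind a trusted proxy. The trusted proxy address and the sample request values are constructed for the demo.

```python
import ipaddress

# Assumption for this example: the reverse proxies allowed to sit in front of the
# service (documentation-range addresses, constructed for the demo).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}


def header_get(headers: dict, name: str):
    """Case-insensitive lookup on a plain {name: value} header dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def is_local_vulnerable(peer: str, headers: dict) -> bool:
    """The broken gate: a header the client controls overrides the socket peer,
    so a remote attacker sending 'X-Forwarded-For: 127.0.0.1' passes as localhost."""
    xff = header_get(headers, "X-Forwarded-For")
    claimed = xff.split(",")[0].strip() if xff else peer
    return ipaddress.ip_address(claimed).is_loopback


def is_local(peer: str, headers: dict) -> bool:
    """Hardened gate for a localhost-only recovery endpoint: only the kernel-reported
    peer address counts. Forwarding headers are ignored entirely, because a request
    that arrived through a proxy is by definition not a direct local connection."""
    return ipaddress.ip_address(peer).is_loopback


def client_ip(peer: str, headers: dict, trusted=TRUSTED_PROXIES) -> str:
    """General allowlist case. X-Forwarded-For is honoured only when the TCP peer is
    a trusted proxy; then the rightmost hop that is not itself a trusted proxy is the
    client, since each proxy appends the peer it saw and that is the first value an
    attacker could not forge. Malformed headers or an all-trusted chain fall back to
    the peer address (fail closed)."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in trusted:
        return str(peer_ip)
    xff = header_get(headers, "X-Forwarded-For") or ""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_ip)
        if hop_ip not in trusted:
            return str(hop_ip)
    return str(peer_ip)


if __name__ == "__main__":
    forged = {"X-Forwarded-For": "127.0.0.1"}   # constructed attacker request header
    print("vulnerable gate, remote peer + forged header:", is_local_vulnerable("203.0.113.5", forged))  # True
    print("hardened gate, same request              :", is_local("203.0.113.5", forged))              # False
    print("hardened gate, real local connection     :", is_local("127.0.0.1", {}))                     # True
    print("client behind trusted proxy              :",
          client_ip("10.0.0.2", {"X-Forwarded-For": "127.0.0.1, 203.0.113.5"}))                        # 203.0.113.5
```

For an emergency "only from the box itself" feature, the right fix is the `is_local` shape: do not consult forwarding headers at all. `client_ip` is for the broader allowlist case, and even there the header is trusted only as far as the chain of proxies you actually control.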
