Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12751 | 1 Symantec | 1 Message Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-12733 | 1 Sitevision | 1 Sitevision | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| SiteVision 4 allows Remote Code Execution. | |||||
| CVE-2019-12676 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
| A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. | |||||
| CVE-2019-12669 | 1 Cisco | 4 Catalyst 3560, Catalyst 3560-e, Catalyst 3560-x and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
| CVE-2019-12656 | 1 Cisco | 30 Cgr 1000, Cgr 1000 Firmware, Ic3000 and 27 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. | |||||
| CVE-2019-12617 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | |||||
| CVE-2019-12612 | 1 Bitdefender | 2 Box, Box Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode. | |||||
| CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| DOSBox 0.74-2 has Incorrect Access Control. | |||||
| CVE-2019-12586 | 1 Espressif | 3 Arduino-esp32, Esp-idf, Esp8266 Nonos Sdk | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | |||||
| CVE-2019-12532 | 1 Insyde | 6 H2oelv, H2offt, H2ooae and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08. | |||||
| CVE-2019-12528 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | |||||
| CVE-2019-12523 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. | |||||
| CVE-2019-12499 | 1 Firejail Project | 1 Firejail | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736. | |||||
| CVE-2019-12494 | 1 Gardener | 1 Gardener | 2024-11-21 | 5.0 MEDIUM | 8.5 HIGH |
| In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked. | |||||
| CVE-2019-12491 | 1 Onapp | 1 Onapp | 2024-11-21 | 8.5 HIGH | 6.6 MEDIUM |
| OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server. | |||||
| CVE-2019-12490 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links. | |||||
| CVE-2019-12474 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12473 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12472 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12467 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||