Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | |||||
| CVE-2019-11616 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. | |||||
| CVE-2019-11583 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | |||||
| CVE-2019-11561 | 1 Chuango | 20 A11, A11 Firmware, A8 and 17 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. | |||||
| CVE-2019-11544 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. | |||||
| CVE-2019-11541 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | |||||
| CVE-2019-11540 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack. | |||||
| CVE-2019-11536 | 1 Kalkitech | 2 Sync3000, Sync3000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. | |||||
| CVE-2019-11509 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. | |||||
| CVE-2019-11499 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | |||||
| CVE-2019-11489 | 1 Simplybook | 1 Simplybook | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI. | |||||
| CVE-2019-11485 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | |||||
| CVE-2019-11483 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.0 HIGH |
| Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. | |||||
| CVE-2019-11461 | 1 Gnome | 1 Nautilus | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
| CVE-2019-11415 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. | |||||
| CVE-2019-11383 | 1 Wifi Ftp Server Project | 1 Wifi Ftp Server | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml | |||||
| CVE-2019-11380 | 1 Estrongs | 1 Es File Explorer File Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage. | |||||
| CVE-2019-11343 | 1 Torpedoquery | 1 Torpedo Query | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. | |||||
| CVE-2019-11332 | 1 Mkcms Project | 1 Mkcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456. | |||||
| CVE-2019-11331 | 1 Ntp | 1 Ntp | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. | |||||