Total
32122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-14783 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||
| CVE-2019-14773 | 1 Webcraftic | 1 Woody Ad Snippets | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | |||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | |||||
| CVE-2019-14730 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. | |||||
| CVE-2019-14729 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.5 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. | |||||
| CVE-2019-14728 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | |||||
| CVE-2019-14727 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. | |||||
| CVE-2019-14726 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. | |||||
| CVE-2019-14723 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | |||||
| CVE-2019-14722 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | |||||
| CVE-2019-14716 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | |||||
| CVE-2019-14713 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | |||||
| CVE-2019-14712 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | |||||
| CVE-2019-14707 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI. | |||||
| CVE-2019-14654 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | |||||
| CVE-2019-14630 | 1 Intel | 26 Dsl3310 Thunderbolt, Dsl3310 Thunderbolt Firmware, Dsl3510 Thunderbolt and 23 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2019-14626 | 1 Intel | 2 Field Programmable Gate Array Programmable Acceleration Card N3000, Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in PCIe function for the IntelĀ® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14620 | 1 Intel | 22 Ac 3165, Ac 3165 Firmware, Ac 3168 and 19 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. | |||||
| CVE-2019-14615 | 2 Canonical, Intel | 709 Ubuntu Linux, Atom E3805, Atom E3805 Firmware and 706 more | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||