Total
32122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14613 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14596 | 1 Intel | 1 Chipset Inf Utility | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-14587 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2019-14575 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14525 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | |||||
| CVE-2019-14483 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | |||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | |||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | |||||
| CVE-2019-14441 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129 | |||||
| CVE-2019-14422 | 1 Tortoisesvn | 1 Tortoisesvn | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. | |||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | |||||
| CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | |||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | |||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | |||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | |||||
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | |||||
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
| CVE-2019-14405 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | |||||
| CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | |||||