Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11320 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. | |||||
| CVE-2019-11229 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. | |||||
| CVE-2019-11211 | 1 Tibco | 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. | |||||
| CVE-2019-11210 | 1 Tibco | 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. | |||||
| CVE-2019-11209 | 1 Tibco | 1 Ftl | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0. | |||||
| CVE-2019-11208 | 1 Tibco | 1 Api Exchange Gateway | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions. | |||||
| CVE-2019-11206 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0. | |||||
| CVE-2019-11204 | 1 Tibco | 1 Spotfire Statistics Services | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0. | |||||
| CVE-2019-11200 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.) | |||||
| CVE-2019-11174 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2019-11173 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | |||||
| CVE-2019-11168 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | |||||
| CVE-2019-11163 | 1 Intel | 1 Processor Identification Utility | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2019-11162 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2019-11157 | 1 Intel | 528 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 525 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. | |||||
| CVE-2019-11156 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | |||||
| CVE-2019-11148 | 1 Intel | 1 Remote Displays Sdk | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11143 | 1 Intel | 1 Authenticate | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11136 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11135 | 9 Canonical, Debian, Fedoraproject and 6 more | 304 Ubuntu Linux, Debian Linux, Fedora and 301 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | |||||