Total
32116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13164 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. | |||||
| CVE-2019-13057 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 3.5 LOW | 4.9 MEDIUM |
| An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) | |||||
| CVE-2019-13053 | 1 Logitech | 2 Unifying Receiver, Unifying Receiver Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761. | |||||
| CVE-2019-13035 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2019-13010 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-13006 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. | |||||
| CVE-2019-13005 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. | |||||
| CVE-2019-13002 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. | |||||
| CVE-2019-12913 | 1 Rdbrck | 1 Shift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | |||||
| CVE-2019-12854 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. | |||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | |||||
| CVE-2019-12812 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | |||||
| CVE-2019-12809 | 1 Yes24 | 1 Viewer Activex | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution. | |||||
| CVE-2019-12789 | 1 Actiontec | 2 T2200h, T2200h Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device. | |||||
| CVE-2019-12764 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. | |||||
| CVE-2019-12763 | 1 Securitycamera | 1 Security Camera Cz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. | |||||
| CVE-2019-12762 | 6 Fujitsu, Google, Mi and 3 more | 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
| Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | |||||
| CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-12757 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||