Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0219 | 2 Apache, Oracle | 3 Cordova Inappbrowser, Instantis Enterprisetrack, Retail Xstore Point Of Service | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. | |||||
| CVE-2019-0215 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | |||||
| CVE-2019-0214 | 1 Apache | 1 Archiva | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file. | |||||
| CVE-2019-0212 | 1 Apache | 1 Hbase | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. | |||||
| CVE-2019-0204 | 2 Apache, Redhat | 2 Mesos, Fuse | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. | |||||
| CVE-2019-0200 | 1 Apache | 1 Qpid Broker-j | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later. | |||||
| CVE-2019-0190 | 3 Apache, Openssl, Oracle | 6 Http Server, Openssl, Enterprise Manager Ops Center and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. | |||||
| CVE-2019-0184 | 1 Intel | 256 Core I5-6360u, Core I5-6360u Firmware, Core I5-6440eq and 253 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0181 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0177 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0174 | 1 Intel | 376 2000e, 2000e Firmware, 2002e and 373 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. | |||||
| CVE-2019-0173 | 1 Intel | 1 Raid Web Console 2 | 2024-11-21 | 5.8 MEDIUM | 7.6 HIGH |
| Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. | |||||
| CVE-2019-0172 | 1 Intel | 1 Unite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-0162 | 1 Intel | 1 - | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0159 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0158 | 1 Intel | 1 Graphics Performance Analyzer | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0155 | 3 Canonical, Intel, Redhat | 709 Ubuntu Linux, Atom X5-e3930, Atom X5-e3930 Firmware and 706 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0154 | 2 Canonical, Intel | 295 Ubuntu Linux, Atom X5-a3930, Atom X5-a3930 Firmware and 292 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-0150 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
| Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2019-0142 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||