Total
33432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15078 | 1 Xbornid | 1 Xbornid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | |||||
| CVE-2019-15069 | 1 Gigastone | 2 Smart Battery A4, Smart Battery A4 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. | |||||
| CVE-2019-15067 | 1 Gigastone | 2 Smart Battery A2-25de, Smart Battery A2-25de Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. | |||||
| CVE-2019-15066 | 1 Hinet | 2 Gpon, Gpon Firmware | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2024-11-21 | 5.0 MEDIUM | 9.3 CRITICAL |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2019-15038 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. | |||||
| CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | |||||
| CVE-2019-15028 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
| CVE-2019-15009 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||||
| CVE-2019-14986 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. | |||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | |||||
| CVE-2019-14939 | 1 Mysql Project | 1 Mysql | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | |||||
| CVE-2019-14936 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | |||||
| CVE-2019-14920 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature. | |||||
| CVE-2019-14902 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | |||||
| CVE-2019-14888 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | |||||
| CVE-2019-14880 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | |||||
| CVE-2019-14820 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Fuse, Keycloak and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | |||||
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-14783 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||