Total
34431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19164 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2019-19163 | 1 Commax | 1 Cdp-1020mb Firmware | 2024-11-21 | 5.8 MEDIUM | 7.5 HIGH |
| A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL. | |||||
| CVE-2019-19138 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | |||||
| CVE-2019-19023 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-18997 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access. | |||||
| CVE-2019-18981 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | |||||
| CVE-2019-18979 | 1 Claranova | 1 Adaware Antivirus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | |||||
| CVE-2019-18948 | 1 Arista | 1 Eos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train. | |||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.2 MEDIUM | 7.3 HIGH |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | |||||
| CVE-2019-18933 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | |||||
| CVE-2019-18928 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | |||||
| CVE-2019-18913 | 1 Hp | 66 Elite Dragonfly, Elite Dragonfly Firmware, Elite X2 G4 and 63 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02). | |||||
| CVE-2019-18912 | 1 Hp | 23 Futuresmart 4, Laserjet Enterprise Flow Mfp M527 F2a78v, Laserjet Enterprise Flow Mfp M527 F2a79a and 20 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. | |||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | |||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | |||||
| CVE-2019-18855 | 1 10up | 1 Safe Svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | |||||
| CVE-2019-18841 | 1 Chartkick | 1 Chartkick.js | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | |||||
| CVE-2019-18802 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. | |||||
| CVE-2019-18642 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. | |||||
| CVE-2019-18641 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | |||||