Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8456 | 1 Checkpoint | 1 Ipsec Vpn | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
|
|||||
| CVE-2019-8448 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
|
|||||
| CVE-2019-8442 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
|
|||||
| CVE-2019-8418 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
|
|||||
| CVE-2019-8408 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.
|
|||||
| CVE-2019-8392 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
|
|||||
| CVE-2019-8387 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
|
|||||
| CVE-2019-8336 | 1 Hashicorp | 1 Consul | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
|
|||||
| CVE-2019-8236 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Macos, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
|
|||||
| CVE-2019-8231 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
|
|||||
| CVE-2019-8230 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
|
|||||
| CVE-2019-8229 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
|
|||||
| CVE-2019-8226 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2019-8150 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.
|
|||||
| CVE-2019-8144 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
|
|||||
| CVE-2019-8137 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.
|
|||||
| CVE-2019-8136 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.
|
|||||
| CVE-2019-8133 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service.
|
|||||
| CVE-2019-8125 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
|
|||||
| CVE-2019-8124 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
|
|||||
| CVE-2019-8123 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.
|
|||||
| CVE-2019-8122 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution.
|
|||||
| CVE-2019-8121 | 1 Magento | 1 Magento | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
|
|||||
| CVE-2019-8119 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.
|
|||||
| CVE-2019-8111 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
|
|||||
| CVE-2019-8110 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
|
|||||
| CVE-2019-8107 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
|
|||||
| CVE-2019-8097 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an internal ip disclosure vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2019-8091 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
|
|||||
| CVE-2019-8090 | 1 Magento | 1 Magento | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
|
|||||
| CVE-2019-8081 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8075 | 7 Adobe, Apple, Debian and 4 more | 11 Flash Player, Flash Player Desktop Runtime, Macos and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
|
|||||
| CVE-2019-8072 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
|
|||||
| CVE-2019-8063 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage.
|
|||||
| CVE-2019-7964 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
|
|||||
| CVE-2019-7957 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.
|
|||||
| CVE-2019-7951 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests.
|
|||||
| CVE-2019-7942 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.
|
|||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.
|
|||||
| CVE-2019-7929 | 1 Magento | 1 Magento | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request.
|
|||||