Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5512 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
|
|||||
| CVE-2019-5511 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.
|
|||||
| CVE-2019-5508 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
|
|||||
| CVE-2019-5507 | 1 Netapp | 1 Snapmanager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
|
|||||
| CVE-2019-5501 | 1 Netapp | 1 Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
|
|||||
| CVE-2019-5500 | 1 Netapp | 14 Aff A200, Aff A200 Firmware, Aff A220 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).
|
|||||
| CVE-2019-5498 | 1 Netapp | 1 Oncommand Insight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.
|
|||||
| CVE-2019-5493 | 1 Netapp | 1 Data Ontap | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
|
|||||
| CVE-2019-5492 | 1 Netapp | 2 Element Plug-in For Vcenter Server, Hyper Converged Infrastructure Compute Node | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
|
|||||
| CVE-2019-5491 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
|
|||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
|
|||||
| CVE-2019-5408 | 1 Hp | 3 Xp7 Device Manager, Xp7 Replication Manager, Xp7 Tiered Storage Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as d ...
Show More |
|||||
| CVE-2019-5407 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5405 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
|
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5402 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
|
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
|
|||||
| CVE-2019-5399 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.7 HIGH | 9.4 CRITICAL |
|
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5396 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | 9.7 HIGH | 9.4 CRITICAL |
|
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
|
|||||
| CVE-2019-5394 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2024-11-21 | 4.9 MEDIUM | 5.1 MEDIUM |
|
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
|
|||||
| CVE-2019-5393 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5392 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5376 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5375 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5374 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5369 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5368 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5347 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5341 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5340 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5339 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5338 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-5322 | 1 Arubanetworks | 14 2530 10\/100 Port, 2530 10\/100 Port Firmware, 2530 With Gigt Port and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.
|
|||||
| CVE-2019-5321 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.
|
|||||
| CVE-2019-5308 | 1 Huawei | 2 Mate 20 Rs, Mate 20 Rs Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.
|
|||||
| CVE-2019-5306 | 1 Huawei | 2 P20, P20 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone.
|
|||||
| CVE-2019-5301 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.
|
|||||
| CVE-2019-5297 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.
|
|||||
| CVE-2019-5295 | 1 Huawei | 2 Honor View 10, Honor View 10 Firmware | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.
|
|||||
| CVE-2019-5292 | 1 Huawei | 6 Honor 10 Lite, Honor 10 Lite Firmware, Honor 8a and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.
|
|||||
| CVE-2019-5290 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.
|
|||||
| CVE-2019-5284 | 1 Huawei | 2 Leland-al00a, Leland-al00a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)
|
|||||