Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
|
|||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
|
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.
|
|||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
|
|||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
|
|||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
|
|||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
|
|||||
| CVE-2019-15698 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.
|
|||||
| CVE-2019-15687 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.
|
|||||
| CVE-2019-15686 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
|
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.
|
|||||
| CVE-2019-15685 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.
|
|||||
| CVE-2019-15684 | 2 Google, Kaspersky | 2 Chrome, Protection | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
|
|||||
| CVE-2019-15657 | 1 Eslint-utils Project | 1 Eslint-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
|
|||||
| CVE-2019-15650 | 1 Easyupdatesmanager | 1 Easy Updates Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.
|
|||||
| CVE-2019-15631 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2019-15629 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.
|
|||||
| CVE-2019-15625 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
|
|||||
| CVE-2019-15623 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports Sle, Package Hub | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
|
|||||
| CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.
|
|||||
| CVE-2019-15595 | 1 Ui | 1 Unifi Video Controller | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.
|
|||||
| CVE-2019-15594 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
|
|||||
| CVE-2019-15592 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
|
|||||
| CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
|
|||||
| CVE-2019-15522 | 1 Linbit | 1 Csync2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.
|
|||||
| CVE-2019-15514 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
|
|||||
| CVE-2019-15502 | 1 Teamspeak | 1 Teamspeak | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE).
|
|||||
| CVE-2019-15493 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
|
|||||
| CVE-2019-15471 | 1 Mi | 2 Mix 2s, Mix 2s Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that ...
Show More |
|||||
| CVE-2019-15470 | 1 Mi | 2 Redmi Note 6 Pro, Redmi Note 6 Pro Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions t ...
Show More |
|||||
| CVE-2019-15469 | 1 Mi | 2 Pad 4, Pad 4 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that ar ...
Show More |
|||||
| CVE-2019-15465 | 1 Samsung | 2 Galaxy J7 Pro, Galaxy J7 Pro Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required ...
Show More |
|||||
| CVE-2019-15464 | 1 Samsung | 2 Galaxy J7 Pro, Galaxy J7 Pro Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required b ...
Show More |
|||||
| CVE-2019-15463 | 1 Samsung | 2 Galaxy J7 Prime, Galaxy J7 Prime Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that a ...
Show More |
|||||
| CVE-2019-15462 | 1 Samsung | 2 Galaxy J7 Duo, Galaxy J7 Duo Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required b ...
Show More |
|||||
| CVE-2019-15461 | 1 Samsung | 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by ...
Show More |
|||||
| CVE-2019-15460 | 1 Samsung | 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by ...
Show More |
|||||
| CVE-2019-15459 | 1 Samsung | 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by ...
Show More |
|||||
| CVE-2019-15458 | 1 Samsung | 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by ...
Show More |
|||||
| CVE-2019-15457 | 1 Samsung | 2 Galaxy J6, Galaxy J6 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other o ...
Show More |
|||||
| CVE-2019-15456 | 1 Samsung | 2 Galaxy J6, Galaxy J6 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other o ...
Show More |
|||||
| CVE-2019-15455 | 1 Samsung | 2 Galaxy J5, Galaxy J5 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by ot ...
Show More |
|||||