Total
9118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8620 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2019-8567 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | |||||
| CVE-2019-7628 | 1 Redhat | 1 Pagure | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.) | |||||
| CVE-2019-7619 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. | |||||
| CVE-2019-7535 | 1 Gurock | 1 Testrail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology. | |||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | |||||
| CVE-2019-7388 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. | |||||
| CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | |||||
| CVE-2019-7312 | 1 Primx | 3 Zed, Zedmail, Zonecentral | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it. | |||||
| CVE-2019-7305 | 3 Canonical, Debian, Extplorer | 3 Ubuntu Linux, Debian Linux, Extplorer | 2024-11-21 | 7.5 HIGH | 5.8 MEDIUM |
| Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian | |||||
| CVE-2019-7259 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | |||||
| CVE-2019-7005 | 1 Avaya | 1 Ip Office | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | |||||
| CVE-2019-6852 | 1 Schneider-electric | 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | |||||
| CVE-2019-6851 | 1 Schneider-electric | 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. | |||||
| CVE-2019-6850 | 1 Schneider-electric | 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. | |||||