Total
9115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18286 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-17671 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2019-17321 | 1 Clipsoft | 1 Rexpert | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required. | |||||
| CVE-2019-17018 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | |||||
| CVE-2019-16908 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | |||||
| CVE-2019-16320 | 1 Cobham | 22 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor 800 Vsat and 19 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. | |||||
| CVE-2019-16285 | 1 Hp | 1 Thinpro Linux | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. | |||||
| CVE-2019-16177 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | |||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | |||||
| CVE-2019-15963 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-15891 | 1 Cksource | 1 Ckfinder | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. | |||||
| CVE-2019-15859 | 1 Socomec | 2 Diris A-40, Diris A-40 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | |||||
| CVE-2019-15740 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | |||||
| CVE-2019-15738 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | |||||
| CVE-2019-15734 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | |||||
| CVE-2019-15733 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | |||||
| CVE-2019-15727 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | |||||
| CVE-2019-15656 | 1 Dlink | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
| CVE-2019-15594 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. | |||||