Total
33260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18997 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access. | |||||
| CVE-2019-18981 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | |||||
| CVE-2019-18979 | 1 Claranova | 1 Adaware Antivirus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | |||||
| CVE-2019-18948 | 1 Arista | 1 Eos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train. | |||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.2 MEDIUM | 7.3 HIGH |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | |||||
| CVE-2019-18933 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | |||||
| CVE-2019-18928 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | |||||
| CVE-2019-18913 | 1 Hp | 66 Elite Dragonfly, Elite Dragonfly Firmware, Elite X2 G4 and 63 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02). | |||||
| CVE-2019-18912 | 1 Hp | 23 Futuresmart 4, Laserjet Enterprise Flow Mfp M527 F2a78v, Laserjet Enterprise Flow Mfp M527 F2a79a and 20 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. | |||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | |||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | |||||
| CVE-2019-18855 | 1 10up | 1 Safe Svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | |||||
| CVE-2019-18841 | 1 Chartkick | 1 Chartkick.js | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | |||||
| CVE-2019-18802 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. | |||||
| CVE-2019-18642 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. | |||||
| CVE-2019-18641 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | |||||
| CVE-2019-18629 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | |||||
| CVE-2019-18628 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | |||||
| CVE-2019-18625 | 4 Debian, Linux, Microsoft and 1 more | 4 Debian Linux, Linux Kernel, Windows and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. | |||||
| CVE-2019-18624 | 1 Opera | 1 Mini | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. | |||||