Total
33260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16019 | 1 Cisco | 20 Asr 9000, Asr 9010, Asr 9904 and 17 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-15963 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. | |||||
| CVE-2019-15893 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | |||||
| CVE-2019-15863 | 1 Convertplug | 1 Convertplus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. | |||||
| CVE-2019-15854 | 1 Maarch | 1 Maarch Rm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. | |||||
| CVE-2019-15846 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||||
| CVE-2019-15845 | 2 Canonical, Ruby-lang | 2 Ubuntu Linux, Ruby | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. | |||||
| CVE-2019-15826 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | |||||
| CVE-2019-15825 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | |||||
| CVE-2019-15824 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | |||||
| CVE-2019-15823 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | |||||
| CVE-2019-15821 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | |||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | |||||
| CVE-2019-15789 | 1 Canonical | 1 Microk8s | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. | |||||
| CVE-2019-15742 | 1 Plantronics | 1 Plantronics Hub | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. | |||||
| CVE-2019-15741 | 1 Gitlab | 1 Omnibus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation | |||||
| CVE-2019-15737 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | |||||
| CVE-2019-15732 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | |||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | |||||