Total: 34059 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7284 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | ||||
| CVE-2019-7283 | 2 Debian, Netkit | 2 Debian Linux, Netkit | 2024-11-21 | 7.4 High |
| An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | ||||
| CVE-2019-7282 | 3 Debian, Fedoraproject, Netkit | 3 Debian Linux, Fedora, Netkit | 2024-11-21 | 5.9 Medium |
| In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | ||||
| CVE-2019-7277 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | N/A |
| Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. | ||||
| CVE-2019-7276 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | N/A |
| Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. | ||||
| CVE-2019-7247 | 1 Amd | 1 Overdrive | 2024-11-21 | 9.8 Critical |
| An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | ||||
| CVE-2019-7246 | 1 Amd | 1 Atillk64 | 2024-11-21 | 6.7 Medium |
| An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | ||||
| CVE-2019-7222 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2024-11-21 | 5.5 Medium |
| The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | ||||
| CVE-2019-7216 | 1 Encodable | 1 Filechucker | 2024-11-21 | N/A |
| An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. | ||||
| CVE-2019-7176 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.7 Low |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | ||||
| CVE-2019-7174 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | N/A |
| Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. | ||||
| CVE-2019-7159 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.1 and earlier allows Information Exposure. | ||||
| CVE-2019-7158 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.0 and earlier has Incorrect Access Control. | ||||
| CVE-2019-7107 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2024-11-21 | 9.8 Critical |
| Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. | ||||
| CVE-2019-7097 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-11-21 | N/A |
| Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if an SMB request is subject to a relay attack. | ||||
| CVE-2019-7089 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | N/A |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-7041 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | N/A |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-7005 | 1 Avaya | 1 Ip Office | 2024-11-21 | 7.5 High |
| A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | ||||
| CVE-2019-6973 | 2 Genivia, Sricam | 16 Gsoap, Nvs001, Sh016 and 13 more | 2024-11-21 | N/A |
| Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds. | ||||
| CVE-2019-6971 | 1 Tp-link | 2 Tl-wr1043nd, Tl-wr1043nd Firmware | 2024-11-21 | N/A |
| An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials. | ||||