Total
34059 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4054 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.3 Low |
| IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. | ||||
| CVE-2019-4052 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 High |
| IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. | ||||
| CVE-2019-4045 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.3 Medium |
| IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | ||||
| CVE-2019-4039 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 5.5 Medium |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163. | ||||
| CVE-2019-4034 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 8.8 High |
| IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. | ||||
| CVE-2019-4031 | 1 Ibm | 1 Tivoli Workload Scheduler | 2024-11-21 | 7.8 High |
| IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997. | ||||
| CVE-2019-3974 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-11-21 | N/A |
| Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | ||||
| CVE-2019-3971 | 1 Comodo | 1 Antivirus | 2024-11-21 | N/A |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. This results in CmdVirth.exe and its child svchost.exe instances to terminate. | ||||
| CVE-2019-3969 | 1 Comodo | 1 Antivirus | 2024-11-21 | N/A |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges. | ||||
| CVE-2019-3936 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | ||||
| CVE-2019-3910 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2024-11-21 | N/A |
| Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. | ||||
| CVE-2019-3894 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Single Sign On, Wildfly | 2024-11-21 | 8.8 High |
| It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. | ||||
| CVE-2019-3874 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 6.5 Medium |
| The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | ||||
| CVE-2019-3852 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities | ||||
| CVE-2019-3851 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A |
| A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. | ||||
| CVE-2019-3839 | 6 Artifex, Canonical, Debian and 3 more | 6 Ghostscript, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 7.8 High |
| It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. | ||||
| CVE-2019-3806 | 1 Powerdns | 1 Recursor | 2024-11-21 | 8.1 High |
| An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. | ||||
| CVE-2019-3742 | 1 Dell | 1 Digital Delivery | 2024-11-21 | 7.8 High |
| Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges. | ||||
| CVE-2019-3734 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | N/A |
| Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users. | ||||
| CVE-2019-3724 | 1 Rsa | 2 Netwitness Platform, Security Analytics | 2024-11-21 | N/A |
| RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials. | ||||