Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19232 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions | ||||
| CVE-2019-19219 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. | ||||
| CVE-2019-19195 | 1 Microchip | 2 Atmsamb11 Blusdk Smart, Atsamb11 | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | ||||
| CVE-2019-19194 | 1 Telink-semi | 10 Tlsr8232, Tlsr8232 Ble Sdk, Tlsr8251 and 7 more | 2024-11-21 | 8.8 High |
| The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK. | ||||
| CVE-2019-19193 | 1 Ti | 4 Ble-stack, Cc2540\/1, Cc2640r2 and 1 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | ||||
| CVE-2019-19169 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
| CVE-2019-19168 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
| CVE-2019-19167 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 7.8 High |
| Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution. | ||||
| CVE-2019-19166 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.8 High |
| Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution. | ||||
| CVE-2019-19164 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | ||||
| CVE-2019-19163 | 1 Commax | 1 Cdp-1020mb Firmware | 2024-11-21 | 7.5 High |
| A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL. | ||||
| CVE-2019-19138 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.5 High |
| Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | ||||
| CVE-2019-19023 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 8.8 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-18997 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-11-21 | 4.3 Medium |
| The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access. | ||||
| CVE-2019-18981 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 9.8 Critical |
| Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | ||||
| CVE-2019-18979 | 1 Claranova | 1 Adaware Antivirus | 2024-11-21 | 7.8 High |
| Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | ||||
| CVE-2019-18948 | 1 Arista | 1 Eos | 2024-11-21 | 7.5 High |
| An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train. | ||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.3 High |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | ||||
| CVE-2019-18933 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 9.8 Critical |
| In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | ||||
| CVE-2019-18928 | 4 Cyrus, Debian, Fedoraproject and 1 more | 4 Imap, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
| Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | ||||