Total: 34023 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18200 | 1 Fujitsu | 2 Lx390, Lx390 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. | ||||
| CVE-2019-18195 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | ||||
| CVE-2019-18194 | 1 Totalav | 1 Totalav 2020 | 2024-11-21 | 7.8 High |
| TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | ||||
| CVE-2019-18181 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 7.8 High |
| In CloudVision Portal, all releases in the 2018.1 and 2018.2 code train allow users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. | ||||
| CVE-2019-18179 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | ||||
| CVE-2019-17673 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 7.5 High |
| WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | ||||
| CVE-2019-17668 | 1 Samsung | 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more | 2024-11-21 | 6.8 Medium |
| Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | ||||
| CVE-2019-17584 | 1 Meinbergglobal | 2 Syncbox/ptpv2, Syncbox/ptpv2 Firmware | 2024-11-21 | 7.5 High |
| The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. | ||||
| CVE-2019-17528 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | ||||
| CVE-2019-17514 | 1 Python | 1 Python | 2024-11-21 | 7.5 High |
| library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. | ||||
| CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 7.1 High |
| A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | ||||
| CVE-2019-17435 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 5.5 Medium |
| A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | ||||
| CVE-2019-17426 | 1 Mongoosejs | 1 Mongoose | 2024-11-21 | 9.1 Critical |
| Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project). | ||||
| CVE-2019-17414 | 1 Vino Project | 1 Vino | 2024-11-21 | 7.5 High |
| tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. | ||||
| CVE-2019-17390 | 1 Pronestor | 1 Planner | 2024-11-21 | 7.8 High |
| An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359. | ||||
| CVE-2019-17389 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. | ||||
| CVE-2019-17387 | 4 Apple, Aviatrix, Linux and 1 more | 4 Macos, Vpn Client, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS. | ||||
| CVE-2019-17373 | 1 Netgear | 20 Dgn2200, Dgn2200 Firmware, Dgn2200m and 17 more | 2024-11-21 | 9.8 Critical |
| Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. | ||||
| CVE-2019-17366 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | 8.8 High |
| Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | ||||
| CVE-2019-17345 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. | ||||