Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15826 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | N/A |
| The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | ||||
| CVE-2019-15825 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | N/A |
| The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | ||||
| CVE-2019-15824 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | N/A |
| The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | ||||
| CVE-2019-15823 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | N/A |
| The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | ||||
| CVE-2019-15821 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | N/A |
| The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | ||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | ||||
| CVE-2019-15789 | 1 Canonical | 1 Microk8s | 2024-11-21 | 8.8 High |
| Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. | ||||
| CVE-2019-15742 | 1 Plantronics | 1 Plantronics Hub | 2024-11-21 | 7.8 High |
| A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. | ||||
| CVE-2019-15741 | 1 Gitlab | 1 Omnibus | 2024-11-21 | 9.8 Critical |
| An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation | ||||
| CVE-2019-15737 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | ||||
| CVE-2019-15732 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | ||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | ||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-11-21 | 8.0 High |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | ||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 15 Fedora, Enterprise Linux, Enterprise Linux Eus and 12 more | 2024-11-21 | 4.4 Medium |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | ||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 7.2 High |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | ||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | ||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.9 Medium |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | ||||
| CVE-2019-15698 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A |
| In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | ||||
| CVE-2019-15687 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 6.5 Medium |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. | ||||
| CVE-2019-15686 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 Medium |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. | ||||