Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15685 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 Medium |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. | ||||
| CVE-2019-15684 | 2 Google, Kaspersky | 2 Chrome, Protection | 2024-11-21 | 4.3 Medium |
| Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. | ||||
| CVE-2019-15657 | 1 Eslint-utils Project | 1 Eslint-utils | 2024-11-21 | N/A |
| In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. | ||||
| CVE-2019-15650 | 1 Easyupdatesmanager | 1 Easy Updates Manager | 2024-11-21 | N/A |
| The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. | ||||
| CVE-2019-15631 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-15629 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.5 High |
| Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | ||||
| CVE-2019-15625 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 5.5 Medium |
| A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. | ||||
| CVE-2019-15623 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports Sle, Package Hub | 2024-11-21 | 5.3 Medium |
| Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | ||||
| CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.4 Medium |
| A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | ||||
| CVE-2019-15595 | 1 Ui | 1 Unifi Video Controller | 2024-11-21 | 8.8 High |
| A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | ||||
| CVE-2019-15594 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. | ||||
| CVE-2019-15592 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. | ||||
| CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | ||||
| CVE-2019-15522 | 1 Linbit | 1 Csync2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | ||||
| CVE-2019-15514 | 1 Telegram | 1 Telegram | 2024-11-21 | N/A |
| The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | ||||
| CVE-2019-15502 | 1 Teamspeak | 1 Teamspeak | 2024-11-21 | N/A |
| The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). | ||||
| CVE-2019-15493 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | ||||
| CVE-2019-15471 | 1 Mi | 2 Mix 2s, Mix 2s Firmware | 2024-11-21 | 5.5 Medium |
| The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage. | ||||
| CVE-2019-15470 | 1 Mi | 2 Redmi Note 6 Pro, Redmi Note 6 Pro Firmware | 2024-11-21 | 5.5 Medium |
| The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage. | ||||
| CVE-2019-15469 | 1 Mi | 2 Pad 4, Pad 4 Firmware | 2024-11-21 | 5.5 Medium |
| The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage. | ||||