Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15293 | 1 Acdsee | 1 Photo Studio | 2024-11-21 | N/A |
| An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060. | ||||
| CVE-2019-15237 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 7.4 High |
| Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | ||||
| CVE-2019-15137 | 1 Eprosima | 1 Fast-rtps | 2024-11-21 | N/A |
| The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network. | ||||
| CVE-2019-15111 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. | ||||
| CVE-2019-15088 | 1 Prise | 1 Adas | 2024-11-21 | 9.8 Critical |
| An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | ||||
| CVE-2019-15080 | 1 Morph Project | 1 Morph | 2024-11-21 | 7.5 High |
| An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack. | ||||
| CVE-2019-15079 | 1 Eai Project | 1 Eai | 2024-11-21 | 7.5 High |
| A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free. | ||||
| CVE-2019-15078 | 1 Xbornid | 1 Xbornid | 2024-11-21 | 7.5 High |
| An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | ||||
| CVE-2019-15069 | 1 Gigastone | 2 Smart Battery A4, Smart Battery A4 Firmware | 2024-11-21 | 9.8 Critical |
| An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. | ||||
| CVE-2019-15067 | 1 Gigastone | 2 Smart Battery A2-25de, Smart Battery A2-25de Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. | ||||
| CVE-2019-15066 | 1 Hinet | 2 Gpon, Gpon Firmware | 2024-11-21 | 10 Critical |
| An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2024-11-21 | 9.3 Critical |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | ||||
| CVE-2019-15038 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. | ||||
| CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.9 Medium |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | ||||
| CVE-2019-15028 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | ||||
| CVE-2019-15009 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.3 Medium |
| The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | ||||
| CVE-2019-14986 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-11-21 | N/A |
| eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. | ||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | N/A |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | ||||
| CVE-2019-14939 | 1 Mysql Project | 1 Mysql | 2024-11-21 | N/A |
| An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | ||||
| CVE-2019-14936 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.3 Medium |
| Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | ||||