Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14654 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | ||||
| CVE-2019-14630 | 1 Intel | 26 Dsl3310 Thunderbolt, Dsl3310 Thunderbolt Firmware, Dsl3510 Thunderbolt and 23 more | 2024-11-21 | 4.6 Medium |
| Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2019-14626 | 1 Intel | 2 Field Programmable Gate Array Programmable Acceleration Card N3000, Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware | 2024-11-21 | 6.7 Medium |
| Improper access control in PCIe function for the IntelĀ® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14620 | 1 Intel | 22 Ac 3165, Ac 3165 Firmware, Ac 3168 and 19 more | 2024-11-21 | 6.5 Medium |
| Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. | ||||
| CVE-2019-14615 | 3 Canonical, Intel, Redhat | 710 Ubuntu Linux, Atom E3805, Atom E3805 Firmware and 707 more | 2024-11-21 | 5.5 Medium |
| Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-14613 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 7.8 High |
| Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14596 | 1 Intel | 1 Chipset Inf Utility | 2024-11-21 | 5.5 Medium |
| Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-14587 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 6.5 Medium |
| Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2019-14575 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 7.8 High |
| Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14525 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-11-21 | N/A |
| In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | ||||
| CVE-2019-14483 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 8.8 High |
| AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | ||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2024-11-21 | 7.5 High |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | ||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | ||||
| CVE-2019-14441 | 1 Libav | 1 Libav | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129 | ||||
| CVE-2019-14422 | 1 Tortoisesvn | 1 Tortoisesvn | 2024-11-21 | N/A |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. | ||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | N/A |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | ||||
| CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 7.2 High |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | ||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | ||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | ||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | ||||