Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14336 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. | ||||
| CVE-2019-14335 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI. | ||||
| CVE-2019-14333 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. | ||||
| CVE-2019-14306 | 1 Ricoh | 96 M 2700, M 2700 Firmware, M 2701 and 93 more | 2024-11-21 | 7.5 High |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | ||||
| CVE-2019-14303 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-11-21 | 7.5 High |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. | ||||
| CVE-2019-14302 | 1 Ricoh | 121 M 2700, M 2700 Firmware, M 2701 and 118 more | 2024-11-21 | 6.8 Medium |
| On Ricoh SP C250DN 1.06 devices, a debug port can be used. | ||||
| CVE-2019-14278 | 1 Knowage-suite | 1 Knowage | 2024-11-21 | N/A |
| In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. | ||||
| CVE-2019-14270 | 1 Comodo | 3 Antivirus, Firewall, Internet Security | 2024-11-21 | N/A |
| Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. | ||||
| CVE-2019-14214 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2024-11-21 | N/A |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. | ||||
| CVE-2019-14213 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | ||||
| CVE-2019-14092 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9207c and 13 more | 2024-11-21 | 5.5 Medium |
| System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130 | ||||
| CVE-2019-14071 | 1 Qualcomm | 86 Apq8017, Apq8017 Firmware, Apq8053 and 83 more | 2024-11-21 | 7.8 High |
| Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ6018, MDM9205, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | ||||
| CVE-2019-14025 | 1 Qualcomm | 20 Kamorta, Kamorta Firmware, Qcs404 and 17 more | 2024-11-21 | 5.5 Medium |
| u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 | ||||
| CVE-2019-13991 | 1 Arduino | 2 Arduino, Arduino Firmware | 2024-11-21 | N/A |
| Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity. | ||||
| CVE-2019-13982 | 1 Rangerstudio | 1 Directus 7 | 2024-11-21 | N/A |
| interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. | ||||
| CVE-2019-13967 | 1 Combodo | 1 Itop | 2024-11-21 | 7.5 High |
| iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version. | ||||
| CVE-2019-13953 | 1 Xiaoyi | 2 Yi M1 Mirrorless Camera, Yi M1 Mirrorless Camera Firmware | 2024-11-21 | N/A |
| An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication. | ||||
| CVE-2019-13763 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13761 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 4.3 Medium |
| Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13759 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 4.3 Medium |
| Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||