Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
| CVE-2019-12854 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. | ||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12812 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-11-21 | 9.8 Critical |
| MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | ||||
| CVE-2019-12809 | 1 Yes24 | 1 Viewer Activex | 2024-11-21 | 8.8 High |
| Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution. | ||||
| CVE-2019-12789 | 1 Actiontec | 2 T2200h, T2200h Firmware | 2024-11-21 | N/A |
| An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device. | ||||
| CVE-2019-12764 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. | ||||
| CVE-2019-12763 | 1 Securitycamera | 1 Security Camera Cz | 2024-11-21 | N/A |
| The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. | ||||
| CVE-2019-12762 | 6 Fujitsu, Google, Mi and 3 more | 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more | 2024-11-21 | 4.2 Medium |
| Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | ||||
| CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12757 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12756 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 2.3 Low |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. | ||||
| CVE-2019-12755 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.5 Medium |
| Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | ||||
| CVE-2019-12753 | 1 Symantec | 1 Reporter | 2024-11-21 | N/A |
| An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. | ||||
| CVE-2019-12751 | 1 Symantec | 1 Message Gateway | 2024-11-21 | N/A |
| Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12733 | 1 Sitevision | 1 Sitevision | 2024-11-21 | 8.8 High |
| SiteVision 4 allows Remote Code Execution. | ||||
| CVE-2019-12656 | 1 Cisco | 30 Cgr 1000, Cgr 1000 Firmware, Ic3000 and 27 more | 2024-11-21 | 7.5 High |
| A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. | ||||
| CVE-2019-12617 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 2.7 Low |
| In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | ||||
| CVE-2019-12612 | 1 Bitdefender | 2 Box, Box Firmware | 2024-11-21 | 7.8 High |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode. | ||||
| CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2024-11-21 | N/A |
| DOSBox 0.74-2 has Incorrect Access Control. | ||||