Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17389 | 1 Riot-os | 1 Riot | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. | |||||
| CVE-2019-17390 | 1 Pronestor | 1 Planner | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359. | |||||
| CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | |||||
| CVE-2019-17528 | 1 Axiosys | 1 Bento4 | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | |||||
| CVE-2019-18194 | 1 Totalav | 1 Totalav 2020 | 2020-08-24 | 6.9 MEDIUM | 7.8 HIGH |
| TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | |||||
| CVE-2019-18195 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | |||||
| CVE-2019-18278 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. | |||||
| CVE-2019-18352 | 1 Phoenixcontact | 4 Fl Nat 2208, Fl Nat 2208 Firmware, Fl Nat 2304-2gc-2sfp and 1 more | 2020-08-24 | 4.3 MEDIUM | 8.2 HIGH |
| Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. | |||||
| CVE-2019-18368 | 1 Jetbrains | 1 Toolbox | 2020-08-24 | 7.5 HIGH | 7.3 HIGH |
| In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | |||||
| CVE-2019-18372 | 1 Symantec | 1 Endpoint Protection | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-18377 | 1 Symantec | 1 Messaging Gateway | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-18625 | 3 Linux, Microsoft, Suricata-ids | 3 Linux Kernel, Windows, Suricata | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. | |||||
| CVE-2019-18855 | 1 Safe Svg Project | 1 Safe Svg | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | |||||
| CVE-2019-18841 | 1 Chartkick | 1 Chartkick.js | 2020-08-24 | 7.5 HIGH | 7.3 HIGH |
| Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | |||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | |||||
| CVE-2019-18979 | 1 Claranova | 1 Adaware Antivirus | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | |||||
| CVE-2019-19194 | 1 Telink-semi | 10 Tlsr8232, Tlsr8232 Ble Sdk, Tlsr8251 and 7 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK. | |||||
| CVE-2019-19241 | 1 Linux | 1 Linux Kernel | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. | |||||
| CVE-2019-19244 | 2 Canonical, Sqlite | 2 Ubuntu Linux, Sqlite | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | |||||
| CVE-2019-19247 | 1 Ea | 1 Origin | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | |||||
| CVE-2019-19248 | 1 Ea | 1 Origin | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | |||||
| CVE-2019-19501 | 1 Idrix | 1 Veracrypt | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | |||||
| CVE-2019-19548 | 1 Norton | 1 Power Eraser | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-19774 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column. | |||||
| CVE-2019-1985 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0Android ID: A-118694079 | |||||
| CVE-2019-20097 | 1 Atlassian | 1 Bitbucket | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content. | |||||
| CVE-2019-20490 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | |||||
| CVE-2019-20492 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | |||||
| CVE-2019-2054 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | |||||
| CVE-2019-6797 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI. | |||||
| CVE-2019-20577 | 1 Google | 1 Android | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019). | |||||
| CVE-2019-20608 | 1 Google | 1 Android | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019). | |||||
| CVE-2019-20612 | 1 Google | 1 Android | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019). | |||||
| CVE-2019-20641 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | |||||
| CVE-2019-20642 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-08-24 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | |||||
| CVE-2019-2281 | 1 Qualcomm | 40 Qcs405, Qcs405 Firmware, Qcs605 and 37 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130 | |||||
| CVE-2019-20690 | 1 Netgear | 16 D6200, D6200 Firmware, D7000 and 13 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54. | |||||
| CVE-2019-20760 | 1 Netgear | 2 R9000, R9000 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. | |||||
| CVE-2019-2424 | 1 Oracle | 1 Retail Convenience Store Back Office | 2020-08-24 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Oracle Retail Convenience Store Back Office component of Oracle Retail Applications (subcomponent: Level 3 Maintenance Functions). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience Store Back Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Convenience Store Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Convenience Store Back Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Convenience Store Back Office. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2019-2132 | 1 Google | 1 Android | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130568701. | |||||
| CVE-2019-2182 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2400 | 1 Oracle | 1 E-business Suite | 2020-08-24 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2019-2274 | 1 Qualcomm | 74 Apq8017, Apq8017 Firmware, Apq8053 and 71 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, IPQ8074, MDM9150, MDM9650, MDM9655, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA8081, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2019-2401 | 1 Oracle | 1 Hospitality Reporting And Analytics | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2019-2402 | 1 Oracle | 1 Hospitality Simphony | 2020-08-24 | 6.8 MEDIUM | 7.7 HIGH |
| Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). | |||||
| CVE-2019-2308 | 1 Qualcomm | 70 Mdm9150, Mdm9150 Firmware, Mdm9607 and 67 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-2405 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2020-08-24 | 6.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2019-2338 | 1 Qualcomm | 38 Mdm9205, Mdm9205 Firmware, Msm8998 and 35 more | 2020-08-24 | 3.6 LOW | 7.1 HIGH |
| Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | |||||
| CVE-2019-2406 | 1 Oracle | 1 Database | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2019-2411 | 1 Oracle | 1 Hospitality Cruise Shipboard Property Management System | 2020-08-24 | 4.9 MEDIUM | 7.6 HIGH |
| Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H). | |||||