Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15493 | 1 It-novum | 1 Openitcockpit | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | |||||
| CVE-2019-15498 | 1 Getvera | 2 Vera Edge, Vera Edge Firmware | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. | |||||
| CVE-2019-15502 | 1 Teamspeak | 1 Teamspeak | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). | |||||
| CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | |||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | |||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | |||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | |||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | |||||
| CVE-2019-15540 | 1 Cdemu | 1 Libmirage | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user. | |||||
| CVE-2019-15542 | 1 Ammonia Project | 1 Ammonia | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | |||||
| CVE-2019-15545 | 1 Libp2p | 1 Libp2p | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. | |||||
| CVE-2019-15549 | 1 Asn1 Der Project | 1 Asn1 Der | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. | |||||
| CVE-2019-15553 | 1 Memoffset Project | 1 Memoffset | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. | |||||
| CVE-2019-15626 | 1 Trendmicro | 1 Deep Security | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. | |||||
| CVE-2019-15627 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. | |||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | |||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | |||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2020-08-24 | 5.2 MEDIUM | 8.0 HIGH |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | |||||
| CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | |||||
| CVE-2019-15720 | 1 Cloudberrylab | 1 Backup | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. | |||||
| CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | |||||
| CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. | |||||
| CVE-2019-15736 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | |||||
| CVE-2019-15742 | 1 Plantronics | 1 Plantronics Hub | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. | |||||
| CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | |||||
| CVE-2019-15767 | 1 Gnu | 1 Chess | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | |||||
| CVE-2019-1579 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | |||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | |||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
| CVE-2019-1582 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | |||||
| CVE-2019-15821 | 1 Bold-themes | 1 Bold Page Builder | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | |||||
| CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2020-08-24 | 6.0 MEDIUM | 8.0 HIGH |
| Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
| CVE-2019-15839 | 1 Shaosina | 1 Sina Extension For Elementor | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | |||||
| CVE-2019-15850 | 1 Eq-3 | 2 Homematic Ccu3, Homematic Ccu3 Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. | |||||
| CVE-2019-15854 | 1 Maarch | 1 Maarch Rm | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. | |||||
| CVE-2019-15858 | 1 Webcraftic | 1 Woody Ad Snippets | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. | |||||
| CVE-2019-15863 | 1 Convertplug | 1 Convertplus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. | |||||
| CVE-2019-15893 | 1 Sonatype | 1 Nexus Repository Manager | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | |||||
| CVE-2019-15895 | 1 Search Exclude Project | 1 Search Exclude | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | |||||
| CVE-2019-15901 | 2 Doas Project, Linux | 2 Doas, Linux Kernel | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids. | |||||
| CVE-2019-15916 | 1 Linux | 1 Linux Kernel | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | |||||
| CVE-2019-13139 | 1 Docker | 1 Docker | 2020-08-24 | 4.6 MEDIUM | 8.4 HIGH |
| In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. | |||||
| CVE-2019-13149 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. | |||||
| CVE-2019-1315 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | |||||
| CVE-2019-13151 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. | |||||
| CVE-2019-13153 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. | |||||
| CVE-2019-13154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. | |||||
| CVE-2019-13155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | |||||
| CVE-2019-1316 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-13166 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | |||||
