Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9193 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | |||||
| CVE-2018-9501 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 | |||||
| CVE-2018-9525 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | |||||
| CVE-2019-15863 | 1 Convertplug | 1 Convertplus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. | |||||
| CVE-2019-15893 | 1 Sonatype | 1 Nexus Repository Manager | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | |||||
| CVE-2019-16056 | 1 Python | 1 Python | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
| CVE-2019-16060 | 1 Airbrake | 1 Airbrake Ruby | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). | |||||
| CVE-2019-16100 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | |||||
| CVE-2019-16103 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||||
| CVE-2019-16109 | 1 Plataformatec | 1 Devise | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) | |||||
| CVE-2019-16110 | 1 Blade-group | 1 Shadow | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | |||||
| CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | |||||
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | |||||
| CVE-2019-16181 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. | |||||
| CVE-2019-16214 | 1 Libra | 1 Libra Core | 2020-08-24 | 3.5 LOW | 5.7 MEDIUM |
| Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. | |||||
| CVE-2019-16247 | 1 Deltaww | 1 Dcisoft | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. | |||||
| CVE-2019-16382 | 1 Ivanti | 1 Workspace Control | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | |||||
| CVE-2019-18181 | 1 Arista | 1 Cloudvision Portal | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. | |||||
| CVE-2019-16251 | 1 Yithemes | 38 Yith Advanced Refund System For Woocommerce, Yith Color And Label Variations For Woocommerce, Yith Custom Thank You Page For Woocommerce and 35 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | |||||
| CVE-2019-16253 | 1 Samsung | 1 Text-to-speech | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | |||||
| CVE-2019-16256 | 1 Samsung | 2 Samsung, Samsung Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2019-16257 | 1 Motorola | 2 Motorola, Motorola Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2019-16273 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. | |||||
| CVE-2019-16401 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. | |||||
| CVE-2019-16284 | 1 Hp | 204 260 G1 Dm, 260 G1 Dm Firmware, 280 Pro G1 and 201 more | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. | |||||
| CVE-2019-16287 | 1 Hp | 1 Thinpro | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges. | |||||
| CVE-2019-16288 | 1 Tenda | 2 N301, N301 Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | |||||
| CVE-2019-16377 | 1 Makandra | 1 Consul | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | |||||
| CVE-2019-16400 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. | |||||
| CVE-2019-16650 | 1 Supermicro | 526 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 523 more | 2020-08-24 | 7.5 HIGH | 10.0 CRITICAL |
| On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. | |||||
| CVE-2019-16872 | 1 Portainer | 1 Portainer | 2020-08-24 | 9.0 HIGH | 9.9 CRITICAL |
| Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | |||||
| CVE-2019-16874 | 1 Portainer | 1 Portainer | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | |||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | |||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | |||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||||
| CVE-2019-17009 | 3 Microsoft, Mozilla, Opensuse | 5 Windows, Firefox, Firefox Esr and 2 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2019-17184 | 1 Xerox | 11 Atlalink B8045, Atlalink B8055, Atlalink B8065 and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. | |||||
| CVE-2019-17201 | 1 Fasttracksoftware | 1 Admin By Request | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions. | |||||
| CVE-2019-17230 | 1 Mageewp | 1 Onetone | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. | |||||
| CVE-2019-17336 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0. | |||||
| CVE-2019-17373 | 1 Netgear | 20 Dgn2200, Dgn2200 Firmware, Dgn2200m and 17 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. | |||||
| CVE-2019-17366 | 1 Citrix | 1 Application Delivery Management | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | |||||
| CVE-2019-17389 | 1 Riot-os | 1 Riot | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. | |||||
| CVE-2019-17390 | 1 Pronestor | 1 Planner | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359. | |||||
| CVE-2019-17435 | 1 Paloaltonetworks | 1 Globalprotect | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | |||||
| CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | |||||
| CVE-2019-17528 | 1 Axiosys | 1 Bento4 | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | |||||
| CVE-2019-18194 | 1 Totalav | 1 Totalav 2020 | 2020-08-24 | 6.9 MEDIUM | 7.8 HIGH |
| TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | |||||
| CVE-2019-18195 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | |||||
| CVE-2019-18200 | 1 Fujitsu | 2 Lx390, Lx390 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. | |||||