Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12171 | 1 Dropbox | 1 Dropbox | 2021-07-21 | 4.3 MEDIUM | 7.8 HIGH |
| Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. | |||||
| CVE-2019-13255 | 1 Xnview | 1 Xnview | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. | |||||
| CVE-2019-13254 | 1 Xnview | 1 Xnview | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. | |||||
| CVE-2019-13253 | 1 Xnview | 1 Xnview | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. | |||||
| CVE-2019-13252 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. | |||||
| CVE-2019-13251 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. | |||||
| CVE-2019-13250 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. | |||||
| CVE-2019-13249 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. | |||||
| CVE-2019-13248 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. | |||||
| CVE-2019-13247 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. | |||||
| CVE-2019-13246 | 1 Faststone | 1 Image Viewer | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. | |||||
| CVE-2019-13245 | 1 Faststone | 1 Image Viewer | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. | |||||
| CVE-2019-13244 | 1 Faststone | 1 Image Viewer | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. | |||||
| CVE-2019-13243 | 1 Irfanview | 1 Irfanview | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. | |||||
| CVE-2019-13242 | 1 Irfanview | 1 Irfanview | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. | |||||
| CVE-2019-13226 | 1 Deepin | 1 Deepin-clone | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. | |||||
| CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2019-6632 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. | |||||
| CVE-2019-7277 | 1 Optergy | 2 Enterprise, Proton | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. | |||||
| CVE-2019-4101 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091. | |||||
| CVE-2019-13127 | 2 Draw, Jgraph | 2 Draw.io Diagrams, Mxgraph | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js. | |||||
| CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2019-5838 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | |||||
| CVE-2019-5834 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5812 | 2 Apple, Google | 2 Iphone Os, Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5784 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-12981 | 1 Libming | 1 Libming | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. | |||||
| CVE-2019-9836 | 1 Amd | 15 Epyc 7251, Epyc 7261, Epyc 7281 and 12 more | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | |||||
| CVE-2019-12817 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | |||||
| CVE-2019-12937 | 1 Toaruos | 1 Toaruos | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. | |||||
| CVE-2019-10028 | 1 Netflix | 1 Dial Reference | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. | |||||
| CVE-2019-12919 | 1 Cylan | 4 Clever Dog Smart Camera Panorama Dog-2w, Clever Dog Smart Camera Panorama Dog-2w Firmware, Clever Dog Smart Camera Plus Dog-2w-v4 and 1 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device. | |||||
| CVE-2019-12904 | 2 Gnupg, Opensuse | 2 Libgcrypt, Leap | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| ** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack. | |||||
| CVE-2019-12903 | 1 Pydio | 1 Cells | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | |||||
| CVE-2019-12902 | 1 Pydio | 1 Cells | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data. | |||||
| CVE-2019-12899 | 1 Deltaww | 1 Devicenet Builder | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. | |||||
| CVE-2019-12898 | 1 Deltaww | 1 Devicenet Builder | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. | |||||
| CVE-2019-12895 | 1 Alternate-tools | 1 Alternate Pic View | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. | |||||
| CVE-2019-12893 | 1 Alternate-tools | 1 Alternate Pic View | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868. | |||||
| CVE-2019-2025 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel | |||||
| CVE-2019-2016 | 1 Google | 1 Android | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120664978 | |||||
| CVE-2019-2008 | 1 Google | 1 Android | 2021-07-21 | 7.6 HIGH | 7.5 HIGH |
| In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228 | |||||
| CVE-2019-2006 | 1 Google | 1 Android | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-116665972 | |||||
| CVE-2019-11409 | 1 Fusionpbx | 1 Fusionpbx | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. | |||||
| CVE-2019-12829 | 1 Radare | 1 Radare2 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. | |||||
| CVE-2019-12822 | 1 Embedthis | 1 Goahead | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | |||||
| CVE-2019-12813 | 1 Crossmatch | 2 Digital Persona U.are.u 4500, Digital Persona U.are.u 4500 Firmware | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt. | |||||
| CVE-2019-12802 | 1 Radare | 1 Radare2 | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). | |||||
| CVE-2019-5245 | 1 Huawei | 1 Hisuite | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. | |||||
| CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2021-07-21 | 3.3 LOW | 3.6 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||