Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13104 | 1 Denx | 1 U-boot | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | |||||
| CVE-2019-14671 | 1 Firefly-iii | 1 Firefly Iii | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints. | |||||
| CVE-2019-5502 | 1 Netapp | 1 Data Ontap | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | |||||
| CVE-2019-7951 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | |||||
| CVE-2019-7942 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | |||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | |||||
| CVE-2019-7929 | 1 Magento | 1 Magento | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. | |||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | |||||
| CVE-2019-7888 | 1 Magento | 1 Magento | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. | |||||
| CVE-2019-7886 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts. | |||||
| CVE-2019-7860 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2019-7858 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | |||||
| CVE-2019-7855 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | |||||
| CVE-2019-14532 | 1 Sleuthkit | 1 The Sleuth Kit | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | |||||
| CVE-2019-14242 | 2 Bitdefender, Microsoft | 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | |||||
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | |||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
| CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | |||||
| CVE-2019-14399 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.1 MEDIUM | 7.1 HIGH |
| The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | |||||
| CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | |||||
| CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | |||||
| CVE-2019-14271 | 1 Docker | 1 Docker | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | |||||
| CVE-2019-12743 | 1 Humhub | 1 Social Network Kit | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure. | |||||
| CVE-2019-1020004 | 1 Tridactyl Project | 1 Tridactyl | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tridactyl before 1.16.0 allows fake key events. | |||||
| CVE-2019-1020018 | 1 Discourse | 1 Discourse | 2021-07-21 | 7.5 HIGH | 7.3 HIGH |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | |||||
| CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | |||||
| CVE-2019-1020011 | 1 Charcoal-se | 1 Smokedetector | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | |||||
| CVE-2019-1020001 | 1 Yardoc | 1 Yard | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| yard before 0.9.20 allows path traversal. | |||||
| CVE-2019-13385 | 1 Centos-webpanel | 1 Centos Web Panel | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | |||||
| CVE-2019-14277 | 1 Axway | 1 Securetransport | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.” | |||||
| CVE-2019-2314 | 1 Qualcomm | 48 Msm8909w, Msm8909w Firmware, Qcs405 and 45 more | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24 | |||||
| CVE-2019-2254 | 1 Qualcomm | 102 Mdm9150, Mdm9150 Firmware, Mdm9206 and 99 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2241 | 1 Qualcomm | 62 Mdm9150, Mdm9150 Firmware, Mdm9206 and 59 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130 | |||||
| CVE-2019-2240 | 1 Qualcomm | 100 Ipq4019, Ipq4019 Firmware, Ipq8064 and 97 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9880, QCA9886, QCA9980, QCN5502, QCS404, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130 | |||||
| CVE-2019-2239 | 1 Qualcomm | 100 Mdm9150, Mdm9150 Firmware, Mdm9206 and 97 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-1010176 | 1 Jerryscript | 1 Jerryscript | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0. | |||||
| CVE-2019-1010180 | 2 Gnu, Opensuse | 2 Gdb, Leap | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. | |||||
| CVE-2019-1010163 | 1 Socusoft | 1 Photo 2 Video Converter | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley). | |||||
| CVE-2019-9821 | 1 Mozilla | 1 Firefox | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67. | |||||
| CVE-2019-9819 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-9818 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-07-21 | 5.1 MEDIUM | 8.3 HIGH |
| A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-9814 | 1 Mozilla | 1 Firefox | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. | |||||
| CVE-2019-9800 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-11710 | 1 Mozilla | 1 Firefox | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-11709 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11704 | 1 Mozilla | 1 Thunderbird | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | |||||
| CVE-2019-11703 | 1 Mozilla | 1 Thunderbird | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | |||||
| CVE-2019-11693 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-1010204 | 1 Gnu | 2 Binutils, Binutils Gold | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. | |||||
| CVE-2019-1010152 | 1 Zzcms | 1 Zzcms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. | |||||