Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9938 | 1 Ushareit | 1 Shareit | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | |||||
| CVE-2019-9927 | 1 Caret | 1 Caret | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Caret before 2019-02-22 allows Remote Code Execution. | |||||
| CVE-2019-9924 | 2 Debian, Gnu | 2 Debian Linux, Bash | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | |||||
| CVE-2019-7539 | 1 Ipycache Project | 1 Ipycache | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code injection issue was discovered in ipycache through 2016-05-31. | |||||
| CVE-2019-9898 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | |||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | |||||
| CVE-2019-9896 | 2 Microsoft, Putty | 2 Windows, Putty | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
| CVE-2019-9878 | 2 Pdfalto Project, Xpdfreader | 2 Pdfalto, Xpdf | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9877 | 1 Xpdfreader | 1 Xpdf | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | |||||
| CVE-2019-7161 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data. | |||||
| CVE-2019-5885 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | |||||
| CVE-2019-5723 | 1 Portier | 1 Portier | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted. | |||||
| CVE-2019-9833 | 1 Screen Stream Project | 1 Screen Stream | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | |||||
| CVE-2019-9832 | 1 Airdrop Project | 1 Airdrop | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | |||||
| CVE-2019-9831 | 1 Airmore | 1 Airmore | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | |||||
| CVE-2019-9829 | 1 Maccms | 1 Maccms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates. | |||||
| CVE-2019-9785 | 1 Gitnoteapp | 1 Gitnote | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element. | |||||
| CVE-2019-9760 | 1 Ftpgetter | 1 Ftpgetter | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption. | |||||
| CVE-2019-9750 | 1 Iotivity | 1 Iotivity | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite." | |||||
| CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | |||||
| CVE-2019-5919 | 1 Nablarch Project | 1 Nablarch | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors. | |||||
| CVE-2019-0271 | 1 Sap | 3 Advanced Business Application Programming Platform, Advanced Business Application Programming Server, Sap Kernel | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. | |||||
| CVE-2019-9659 | 2 Chuango, Eminent | 22 A11 Pstn\/lcd\/rfid Touch Alarm System, A11 Pstn\/lcd\/rfid Touch Alarm System Firmware, A8 Pstn Alarm System and 19 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. | |||||
| CVE-2019-9641 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | |||||
| CVE-2019-9640 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | |||||
| CVE-2019-9639 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | |||||
| CVE-2019-9638 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | |||||
| CVE-2019-9627 | 1 Cyberark | 1 Endpoint Privilege Manager | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | |||||
| CVE-2019-9633 | 1 Gnome | 1 Glib | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | |||||
| CVE-2019-9614 | 1 Ofcms Project | 1 Ofcms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command. | |||||
| CVE-2019-9601 | 1 Apowersoft | 1 Apowermanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests. | |||||
| CVE-2019-9600 | 1 Theolivetree | 1 Ftp Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets. | |||||
| CVE-2019-9599 | 1 Airdroid | 1 Airdroid | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests. | |||||
| CVE-2019-0200 | 1 Apache | 1 Qpid Broker-j | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later. | |||||
| CVE-2019-9590 | 1 Tengcon | 2 T-920 Plc, T-920 Plc Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502. | |||||
| CVE-2019-0729 | 1 Microsoft | 1 Java Software Development Kit | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0728 | 1 Microsoft | 1 Visual Studio Code | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. | |||||
| CVE-2019-9552 | 1 Eloan Project | 1 Eloan | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | |||||
| CVE-2019-9547 | 1 Spdk | 1 Storage Performance Development Kit | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains. | |||||
| CVE-2019-9545 | 1 Freedesktop | 1 Poppler | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. | |||||
| CVE-2019-9543 | 1 Freedesktop | 1 Poppler | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | |||||
| CVE-2019-9483 | 1 Amazon | 2 Ring Video Doorbell, Ring Video Doorbell Firmware | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | |||||
| CVE-2019-9482 | 1 Misp | 1 Misp | 2021-07-21 | 3.5 LOW | 5.3 MEDIUM |
| In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). | |||||
| CVE-2019-2001 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211. | |||||
| CVE-2019-2000 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789. | |||||