Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12252 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | |||||
| CVE-2019-1226 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222. | |||||
| CVE-2019-12270 | 2 Microsoft, Opentext | 2 Windows, Brava\! | 2020-08-24 | 6.8 MEDIUM | 7.4 HIGH |
| OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation. | |||||
| CVE-2019-12272 | 1 Openwrt | 1 Luci | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | |||||
| CVE-2019-12274 | 1 Rancher | 1 Rancher | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | |||||
| CVE-2019-12277 | 1 Blogifier | 1 Blogifier | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. | |||||
| CVE-2019-12278 | 1 Opera | 1 Opera | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL. | |||||
| CVE-2019-12289 | 1 Vstracam | 4 C38s, C38s Firmware, C7824wip and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command. | |||||
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-12291 | 1 Hashicorp | 1 Consul | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured. | |||||
| CVE-2019-12292 | 1 Citrix | 1 Appdna | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | |||||
| CVE-2019-1230 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 4.0 MEDIUM | 6.8 MEDIUM |
| An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-12301 | 1 Percona | 1 Percona Server | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2. | |||||
| CVE-2019-12303 | 1 Rancher | 1 Rancher | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | |||||
| CVE-2019-12312 | 1 Libreswan | 1 Libreswan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. | |||||
| CVE-2019-12323 | 1 Hostingcontroller | 1 Hc10 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. | |||||
| CVE-2019-13691 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13697 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-13698 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13700 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13706 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-1371 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | |||||
| CVE-2019-13710 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-13714 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. | |||||
| CVE-2019-13718 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-1372 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2020-08-24 | 10.0 HIGH | 10.0 CRITICAL |
| An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'. | |||||
| CVE-2019-13721 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13723 | 3 Fedoraproject, Google, Redhat | 5 Fedora, Chrome, Enterprise Linux Desktop and 2 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13727 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2019-13729 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13732 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13736 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2019-13738 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-13739 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13740 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13741 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | |||||
| CVE-2019-13742 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2019-13743 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2019-13746 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13747 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13748 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13749 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13751 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13754 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-13755 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
| CVE-2019-13756 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13757 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13758 | 1 Google | 2 Android, Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-13759 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-1376 | 1 Microsoft | 1 Sql Server Management Studio | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313. | |||||