Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19062 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-08-24 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. | |||||
| CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | |||||
| CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
| CVE-2019-14405 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | |||||
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | |||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | |||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | |||||
| CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | |||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | |||||
| CVE-2019-1442 | 1 Microsoft | 1 Sharepoint Server | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-14422 | 1 Tortoisesvn | 1 Tortoisesvn | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. | |||||
| CVE-2019-1443 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||
| CVE-2019-14431 | 1 Matrixssl | 1 Matrixssl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | |||||
| CVE-2019-14437 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | |||||
| CVE-2019-14439 | 2 Debian, Fasterxml | 2 Debian Linux, Jackson-databind | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | |||||
| CVE-2019-14441 | 1 Libav | 1 Libav | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129. | |||||
| CVE-2019-14442 | 1 Libav | 1 Libav | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
| CVE-2019-1445 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. | |||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | |||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | |||||
| CVE-2019-14467 | 1 Infoway | 1 Social Photo Gallery | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | |||||
| CVE-2019-1447 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. | |||||
| CVE-2019-14473 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. | |||||
| CVE-2019-14475 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | |||||
| CVE-2019-1448 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1449 | 1 Microsoft | 2 Office, Office 365 Proplus | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-14513 | 1 Thekelleys | 1 Dnsmasq | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. | |||||
| CVE-2019-14524 | 1 Schismtracker | 1 Schism Tracker | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | |||||
| CVE-2019-14528 | 1 Gnucobol Project | 1 Gnucobol | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. | |||||
| CVE-2019-1453 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | |||||
| CVE-2019-14537 | 1 Yourls | 1 Yourls | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | |||||
| CVE-2019-14541 | 1 Gnucobol Project | 1 Gnucobol | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. | |||||
| CVE-2019-14544 | 1 Gogs | 1 Gogs | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | |||||
| CVE-2019-14551 | 1 Daskeyboard | 4 Das Keyboard 4q, Das Keyboard 5q, Das Keyboard X50q and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | |||||
| CVE-2019-1456 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. | |||||
| CVE-2019-14565 | 3 Intel, Linux, Microsoft | 3 Software Guard Extensions Sdk, Linux Kernel, Windows | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | |||||
| CVE-2019-1457 | 1 Microsoft | 1 Office | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | |||||
| CVE-2019-14570 | 1 Intel | 10 Nuc 8 Mainstream Game Kit, Nuc 8 Mainstream Game Kit Firmware, Nuc 8 Mainstream Game Mini Computer and 7 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-14590 | 1 Intel | 1 Graphics Driver | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-14596 | 1 Intel | 1 Chipset Inf Utility | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-1460 | 1 Microsoft | 1 Outlook | 2020-08-24 | 3.5 LOW | 4.6 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | |||||
| CVE-2019-1461 | 1 Microsoft | 3 Office, Office 365 Proplus, Word | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | |||||
| CVE-2019-1462 | 1 Microsoft | 3 Office, Office 365 Proplus, Powerpoint | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | |||||
| CVE-2019-14629 | 1 Intel | 1 Data Analytics Acceleration Library | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-1465 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. | |||||
| CVE-2019-14654 | 1 Joomla | 1 Joomla\! | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | |||||
| CVE-2019-1466 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. | |||||
| CVE-2019-14662 | 1 Brandy Project | 1 Brandy | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. | |||||