Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3734 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users. | |||||
| CVE-2019-3735 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. | |||||
| CVE-2019-3742 | 1 Dell | 1 Digital Delivery | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges. | |||||
| CVE-2019-3744 | 1 Dell | 1 Digital Delivery | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. | |||||
| CVE-2019-3824 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. | |||||
| CVE-2019-3851 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. | |||||
| CVE-2019-3852 | 1 Moodle | 1 Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities | |||||
| CVE-2019-3909 | 1 Identicard | 1 Premisys Id | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention. | |||||
| CVE-2019-3910 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2020-08-24 | 8.5 HIGH | 9.1 CRITICAL |
| Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. | |||||
| CVE-2019-3914 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | |||||
| CVE-2019-3915 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | |||||
| CVE-2019-3916 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). | |||||
| CVE-2019-3941 | 1 Advantech | 1 Webaccess | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | |||||
| CVE-2019-3947 | 1 Fujielectric | 1 V-server | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. | |||||
| CVE-2019-3948 | 2 Amcrest, Dahua | 13 Ip2m-841b, Ip2m-841b Firmware, Dh-ipc-hx863x and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device. | |||||
| CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | |||||
| CVE-2019-3954 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | |||||
| CVE-2019-3955 | 1 Dameware | 1 Remote Mini Control | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service. | |||||
| CVE-2019-3962 | 1 Tenable | 1 Nessus | 2020-08-24 | 4.3 MEDIUM | 3.3 LOW |
| Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration. | |||||
| CVE-2019-3968 | 1 Open-emr | 1 Openemr | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | |||||
| CVE-2019-3969 | 1 Comodo | 1 Antivirus | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges. | |||||
| CVE-2019-3971 | 1 Comodo | 1 Antivirus | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. This results in CmdVirth.exe and its child svchost.exe instances to terminate. | |||||
| CVE-2019-3974 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2020-08-24 | 8.5 HIGH | 8.1 HIGH |
| Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | |||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | |||||
| CVE-2019-3984 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | |||||
| CVE-2019-3990 | 1 Linuxfoundation | 1 Harbor | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality. | |||||
| CVE-2019-3997 | 1 Simplisafe | 2 Ss3, Ss3 Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. | |||||
| CVE-2019-4038 | 1 Ibm | 1 Security Identity Manager | 2020-08-24 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. | |||||
| CVE-2019-4047 | 1 Ibm | 1 Jazz Reporting Service | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243. | |||||
| CVE-2019-4048 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2020-08-24 | 2.1 LOW | 2.1 LOW |
| IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | |||||
| CVE-2019-4052 | 1 Ibm | 1 Api Connect | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. | |||||
| CVE-2019-4054 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. | |||||
| CVE-2019-4057 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. | |||||
| CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | |||||
| CVE-2019-4059 | 1 Ibm | 1 Rational Clearcase | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | |||||
| CVE-2019-4061 | 1 Ibm | 1 Bigfix Platform | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869. | |||||
| CVE-2019-4063 | 1 Ibm | 1 Sterling B2b Integrator | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. | |||||
| CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | |||||
| CVE-2019-4068 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. | |||||
| CVE-2019-4071 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063. | |||||
| CVE-2019-4078 | 1 Ibm | 1 Websphere Mq | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. | |||||
| CVE-2019-4084 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. | |||||
| CVE-2019-4087 | 1 Ibm | 1 Spectrum Protect Operations Center | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. | |||||
| CVE-2019-4088 | 1 Ibm | 1 Spectrum Protect Operations Center | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. | |||||
| CVE-2019-4093 | 2 Ibm, Microsoft | 2 Spectrum Protect, Windows | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. | |||||
| CVE-2019-4094 | 2 Ibm, Linux | 2 Db2, Linux Kernel | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. | |||||
| CVE-2019-4103 | 1 Ibm | 1 Tivoli Netcool\/impact | 2020-08-24 | 7.7 HIGH | 8.0 HIGH |
| IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094. | |||||
| CVE-2019-4112 | 1 Ibm | 1 Websphere Extreme Scale | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. | |||||
| CVE-2019-4116 | 1 Ibm | 1 Cloud Private | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115. | |||||
| CVE-2019-4118 | 1 Ibm | 1 Multicloud Manager | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. | |||||