Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3621 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2020-08-24 | 4.6 MEDIUM | 6.2 MEDIUM |
| Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine. | |||||
| CVE-2019-3628 | 1 Mcafee | 1 Enterprise Security Manager | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | |||||
| CVE-2019-4234 | 1 Ibm | 1 Pureapplication System | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416. | |||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
| CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | |||||
| CVE-2019-4241 | 1 Ibm | 1 Pureapplication System | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. | |||||
| CVE-2019-4243 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517. | |||||
| CVE-2019-4246 | 1 Ibm | 1 Daeja Viewone | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. | |||||
| CVE-2019-4253 | 1 Ibm | 1 Informix Dynamic Server | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. | |||||
| CVE-2019-4257 | 1 Ibm | 3 Infosphere Information Analyzer, Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. | |||||
| CVE-2019-4259 | 1 Ibm | 1 Spectrum Scale | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011. | |||||
| CVE-2019-4260 | 1 Ibm | 1 Daeja Viewone | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. | |||||
| CVE-2019-4263 | 1 Ibm | 1 Content Navigator | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. | |||||
| CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
| CVE-2019-4275 | 1 Ibm | 1 Jazz For Service Management | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. | |||||
| CVE-2019-4280 | 1 Ibm | 1 Sterling File Gateway | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. | |||||
| CVE-2019-4293 | 1 Ibm | 1 Storwize Unified V7000 Software | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. | |||||
| CVE-2019-4294 | 1 Ibm | 2 Datapower Gateway, Mq Appliance | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. | |||||
| CVE-2019-4295 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758. | |||||
| CVE-2019-4296 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | |||||
| CVE-2019-4298 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 3.6 LOW | 7.1 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. | |||||
| CVE-2019-4301 | 1 Hcltech | 1 Self-service Application | 2020-08-24 | 6.0 MEDIUM | 8.4 HIGH |
| BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | |||||
| CVE-2019-4308 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. | |||||
| CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
| CVE-2019-4311 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. | |||||
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | |||||
| CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | |||||
| CVE-2019-4334 | 1 Ibm | 1 Cognos Analytics | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. | |||||
| CVE-2019-4335 | 1 Ibm | 1 Watson Studio Local | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | |||||
| CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | |||||
| CVE-2019-4337 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. | |||||
| CVE-2019-4338 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. | |||||
| CVE-2019-4343 | 1 Ibm | 1 Cognos Analytics | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | |||||
| CVE-2019-4357 | 1 Ibm | 1 Spectrum Protect Plus | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, | |||||
| CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2020-08-24 | 8.5 HIGH | 8.0 HIGH |
| IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. | |||||
| CVE-2019-4377 | 1 Ibm | 1 Sterling B2b Integrator | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | |||||
| CVE-2019-4382 | 1 Ibm | 1 Api Connect | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | |||||
| CVE-2019-4383 | 1 Ibm | 1 Spectrum Protect Plus | 2020-08-24 | 3.6 LOW | 6.0 MEDIUM |
| When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. | |||||
| CVE-2019-4385 | 1 Ibm | 1 Spectrum Protect Plus | 2020-08-24 | 2.1 LOW | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. | |||||
| CVE-2019-4395 | 1 Ibm | 1 Cloud Orchestrator | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. | |||||
| CVE-2019-4396 | 1 Ibm | 1 Cloud Orchestrator | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. | |||||
| CVE-2019-4411 | 1 Ibm | 1 Cognos Controller | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | |||||
| CVE-2019-4415 | 1 Ibm | 1 Cloud Private | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706. | |||||
| CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-08-24 | 2.1 LOW | 6.2 MEDIUM |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. | |||||
| CVE-2019-6612 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 6 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. | |||||
| CVE-2019-6613 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. | |||||
| CVE-2019-6614 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.5 MEDIUM | 4.9 MEDIUM |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. | |||||
| CVE-2019-6615 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. | |||||
| CVE-2019-6616 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. | |||||
| CVE-2019-6617 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. | |||||