Total
646 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-13546 | 1 Philips | 1 Intellispace Perinatal | 2024-08-04 | 6.8 Medium |
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. | ||||
CVE-2019-13379 | 1 Avtech | 2 Room Alert 3e, Room Alert 3e Firmware | 2024-08-04 | N/A |
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. | ||||
CVE-2019-12875 | 1 Alpinelinux | 1 Abuild | 2024-08-04 | N/A |
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. | ||||
CVE-2019-12274 | 1 Suse | 1 Rancher | 2024-08-04 | N/A |
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | ||||
CVE-2019-11728 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-08-04 | 4.7 Medium |
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. | ||||
CVE-2019-10805 | 1 Sideralis | 1 Valib.js | 2024-08-04 | 7.5 High |
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks. | ||||
CVE-2019-10781 | 1 Schema-inspector Project | 1 Schema-inspector | 2024-08-04 | 9.8 Critical |
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | ||||
CVE-2019-10790 | 1 Taffydb | 1 Taffy | 2024-08-04 | 7.5 High |
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. | ||||
CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2024-08-04 | 4.3 Medium |
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | ||||
CVE-2019-9475 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886 | ||||
CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
CVE-2019-9011 | 1 Pilz | 1 Pmc | 2024-08-04 | 5.3 Medium |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | ||||
CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-08-04 | 3.3 Low |
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | ||||
CVE-2019-8779 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-04 | 10.0 Critical |
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. | ||||
CVE-2019-8702 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-08-04 | 5.5 Medium |
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. | ||||
CVE-2019-8308 | 3 Debian, Flatpak, Redhat | 9 Debian Linux, Flatpak, Enterprise Linux and 6 more | 2024-08-04 | N/A |
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | ||||
CVE-2019-5159 | 1 Wago | 1 E\!cockpit | 2024-08-04 | 7.8 High |
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. | ||||
CVE-2019-3970 | 1 Comodo | 1 Antivirus | 2024-08-04 | N/A |
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures. | ||||
CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2024-08-04 | 7.5 High |
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | ||||
CVE-2020-36532 | 1 Klapp | 1 App | 2024-08-04 | 4.3 Medium |
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. |