Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5773 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | ||||
| CVE-2019-5227 | 1 Huawei | 8 Hisuite, Hisuite Firmware, Mate 20 and 5 more | 2024-11-21 | 5.5 Medium |
| P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. | ||||
| CVE-2019-5226 | 1 Huawei | 8 Hisuite, Hisuite Firmware, Mate 20 and 5 more | 2024-11-21 | 5.5 Medium |
| P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. | ||||
| CVE-2019-5062 | 1 W1.fi | 1 Hostapd | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. | ||||
| CVE-2019-5036 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability. | ||||
| CVE-2019-4640 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 9.8 Critical |
| IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. | ||||
| CVE-2019-3980 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 9.8 Critical |
| The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. | ||||
| CVE-2019-25211 | 2 Gin-contrib, Redhat | 2 Cors, Rhmt | 2024-11-21 | 9.1 Critical |
| parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed. | ||||
| CVE-2019-20329 | 1 Openlambda Project | 1 Openlambda | 2024-11-21 | 8.1 High |
| OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. | ||||
| CVE-2019-1447 | 1 Microsoft | 1 Office Online Server | 2024-11-21 | 5.4 Medium |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. | ||||
| CVE-2019-1445 | 1 Microsoft | 1 Office Online Server | 2024-11-21 | 5.4 Medium |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. | ||||
| CVE-2019-1442 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 5.5 Medium |
| A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-1413 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2024-11-21 | 4.3 Medium |
| A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-1235 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-19545 | 1 Norton | 1 Password Manager | 2024-11-21 | 6.3 Medium |
| Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. | ||||
| CVE-2019-19019 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 7.5 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product. | ||||
| CVE-2019-18381 | 1 Norton | 1 Password Manager | 2024-11-21 | 6.3 Medium |
| Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. | ||||
| CVE-2019-16517 | 1 Connectwise | 1 Control | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. | ||||
| CVE-2019-16275 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2024-11-21 | 6.5 Medium |
| hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | ||||
| CVE-2019-16237 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-11-21 | 7.5 High |
| Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | ||||