Total
3306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15136 | 1 Eprosima | 1 Fast-rtps | 2024-08-05 | N/A |
| The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition. | ||||
| CVE-2019-15030 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-08-05 | 4.4 Medium |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. | ||||
| CVE-2019-14883 | 1 Moodle | 1 Moodle | 2024-08-05 | 5.3 Medium |
| A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | ||||
| CVE-2019-14822 | 4 Canonical, Ibus Project, Oracle and 1 more | 5 Ubuntu Linux, Ibus, Zfs Storage Appliance Kit and 2 more | 2024-08-05 | 7.1 High |
| A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. | ||||
| CVE-2019-14793 | 1 Metabox | 1 Meta Box | 2024-08-05 | N/A |
| The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | ||||
| CVE-2019-14786 | 1 Rankmath | 1 Seo | 2024-08-05 | 6.5 Medium |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | ||||
| CVE-2019-14473 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-08-05 | N/A |
| eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. | ||||
| CVE-2019-14544 | 1 Gogs | 1 Gogs | 2024-08-05 | N/A |
| routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | ||||
| CVE-2019-14475 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-08-05 | N/A |
| eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | ||||
| CVE-2019-14116 | 1 Qualcomm | 2 Ipq6018, Ipq6018 Firmware | 2024-08-05 | 7.8 High |
| Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018 | ||||
| CVE-2019-13748 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-08-05 | 6.5 Medium |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2019-13673 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-04 | 7.4 High |
| Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13547 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-04 | 9.8 Critical |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | ||||
| CVE-2019-13450 | 2 Ringcentral, Zoom | 2 Ringcentral, Zoom | 2024-08-04 | N/A |
| In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file. | ||||
| CVE-2019-13013 | 2 Apple, Obdev | 2 Macos, Little Snitch | 2024-08-04 | 5.5 Medium |
| Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. | ||||
| CVE-2019-13047 | 1 Toaruos Project | 1 Toaruos | 2024-08-04 | N/A |
| kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | ||||
| CVE-2019-12942 | 1 Ttlock | 1 Ttlock | 2024-08-04 | 6.5 Medium |
| TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | ||||
| CVE-2019-12944 | 1 Gluehome | 2 Glue Smart Lock, Glue Smart Lock Firmware | 2024-08-04 | 7.5 High |
| Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. | ||||
| CVE-2019-12926 | 1 Mailenable | 1 Mailenable | 2024-08-04 | N/A |
| MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access. | ||||
| CVE-2019-12875 | 1 Alpinelinux | 1 Abuild | 2024-08-04 | N/A |
| Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. | ||||