Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.3 High |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | ||||
| CVE-2019-18933 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 9.8 Critical |
| In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | ||||
| CVE-2019-18928 | 4 Cyrus, Debian, Fedoraproject and 1 more | 4 Imap, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
| Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | ||||
| CVE-2019-18913 | 1 Hp | 66 Elite Dragonfly, Elite Dragonfly Firmware, Elite X2 G4 and 63 more | 2024-11-21 | 6.8 Medium |
| A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02). | ||||
| CVE-2019-18912 | 1 Hp | 23 Futuresmart 4, Laserjet Enterprise Flow Mfp M527 F2a78v, Laserjet Enterprise Flow Mfp M527 F2a79a and 20 more | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. | ||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | ||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-11-21 | 7.8 High |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | ||||
| CVE-2019-18855 | 1 10up | 1 Safe Svg | 2024-11-21 | 7.5 High |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | ||||
| CVE-2019-18841 | 1 Chartkick | 1 Chartkick.js | 2024-11-21 | 7.3 High |
| Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | ||||
| CVE-2019-18802 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. | ||||
| CVE-2019-18642 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 9.8 Critical |
| Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. | ||||
| CVE-2019-18641 | 1 Sparkdevnetwork | 1 Rock Rms | 2024-11-21 | 9.8 Critical |
| Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | ||||
| CVE-2019-18629 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 8.1 High |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | ||||
| CVE-2019-18628 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 4.9 Medium |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | ||||
| CVE-2019-18625 | 4 Debian, Linux, Microsoft and 1 more | 4 Debian Linux, Linux Kernel, Windows and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. | ||||
| CVE-2019-18624 | 1 Opera | 1 Mini | 2024-11-21 | 9.8 Critical |
| Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. | ||||
| CVE-2019-18618 | 3 Hp, Lenovo, Synaptics | 266 Elite Slice, Elite Slice Firmware, Elite X2 1012 G2 and 263 more | 2024-11-21 | 6.0 Medium |
| Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | ||||
| CVE-2019-18608 | 1 Cezerin | 1 Cezerin | 2024-11-21 | 7.5 High |
| Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. | ||||
| CVE-2019-18604 | 2 Axodraw2 Project, Axohelp.c Project | 2 Axodraw2, Axohelp.c | 2024-11-21 | 9.8 Critical |
| In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. | ||||
| CVE-2019-18568 | 2 Avira, Microsoft | 2 Free Antivirus, Windows | 2024-11-21 | 8.8 High |
| Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. | ||||