Total
7293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7176 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | |||||
| CVE-2019-6679 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 3.6 LOW | 3.3 LOW |
| On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. | |||||
| CVE-2019-6331 | 1 Hp | 1 Samsung Mobile Print | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. | |||||
| CVE-2019-6156 | 1 Lenovo | 354 330-14igm, 330-14igm Firmware, 330-15igm and 351 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. | |||||
| CVE-2019-6122 | 1 Nicehash | 1 Miner | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. | |||||
| CVE-2019-6121 | 1 Nicehash | 1 Miner | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information. | |||||
| CVE-2019-5642 | 1 Rapid7 | 1 Metasploit | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. | |||||
| CVE-2019-5641 | 1 Rapid7 | 1 Insightvm | 2024-11-21 | N/A | 3.3 LOW |
| Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | |||||
| CVE-2019-5640 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | |||||
| CVE-2019-5461 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2019-5452 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | |||||
| CVE-2019-5435 | 1 Haxx | 1 Curl | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||||
| CVE-2019-5308 | 1 Huawei | 2 Mate 20 Rs, Mate 20 Rs Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. | |||||
| CVE-2019-5301 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. | |||||
| CVE-2019-5296 | 1 Huawei | 2 Mate20, Mate20 Firmware | 2024-11-21 | 1.7 LOW | 3.9 LOW |
| Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal. | |||||
| CVE-2019-5292 | 1 Huawei | 6 Honor 10 Lite, Honor 10 Lite Firmware, Honor 8a and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. | |||||
| CVE-2019-5252 | 1 Huawei | 12 Enjoy 8 Plus, Enjoy 8 Plus Firmware, Honor 8x and 9 more | 2024-11-21 | 3.6 LOW | 3.5 LOW |
| There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. | |||||
| CVE-2019-5213 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2024-11-21 | 1.9 LOW | 2.4 LOW |
| Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. | |||||
| CVE-2019-4706 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | |||||
| CVE-2019-4705 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. | |||||