Total
7220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19620 | 1 Dell | 1 Red Cloak Windows Agent | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. | |||||
| CVE-2019-19563 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-19561 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-19557 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-19534 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |||||
| CVE-2019-19533 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |||||
| CVE-2019-19411 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. | |||||
| CVE-2019-19126 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. | |||||
| CVE-2019-19092 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. | |||||
| CVE-2019-19090 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. | |||||
| CVE-2019-19057 | 7 Broadcom, Canonical, Debian and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 17 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. | |||||
| CVE-2019-19018 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using. | |||||
| CVE-2019-19004 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. | |||||
| CVE-2019-18994 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-11-21 | 3.5 LOW | 3.9 LOW |
| Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. | |||||
| CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | |||||
| CVE-2019-18458 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). | |||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2024-11-21 | 7.5 HIGH | 3.7 LOW |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||
| CVE-2019-17401 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||
| CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||
| CVE-2019-17263 | 1 Libfwsi Project | 1 Libfwsi | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||