Total: 299226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19692 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | |||||
CVE-2019-19691 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. | |||||
CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
CVE-2019-19689 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | |||||
CVE-2019-19688 | 1 Trendmicro | 1 Housecall For Home Networks | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. | |||||
CVE-2019-19687 | 1 Openstack | 1 Keystone | 2024-11-21 | 3.5 LOW | 8.8 HIGH |
OpenStack Keystone 15.0.0 and 16.0.0 are affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | |||||
CVE-2019-19685 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | |||||
CVE-2019-19684 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. | |||||
CVE-2019-19683 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | |||||
CVE-2019-19682 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] or Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. | |||||
CVE-2019-19681 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
** DISPUTED ** Pandora FMS 7.x suffers from a remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands. | |||||
CVE-2019-19680 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. | |||||
CVE-2019-19679 | 1 Xpand-it | 1 Xray Test Mangaement | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | |||||
CVE-2019-19678 | 1 Xpand-it | 1 Xray Test Mangaement | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | |||||
CVE-2019-19677 | 1 Arxes-tolina | 1 Arxes-tolina | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
arxes-tolina 3.0.0 allows User Enumeration. | |||||
CVE-2019-19676 | 1 Arxes-tolina | 1 Arxes-tolina | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | |||||
CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
CVE-2019-19670 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. | |||||
CVE-2019-19669 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | |||||
CVE-2019-19668 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. |