Total: 314461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9156 | 1 Gemalto | 1 Ezio Ds3 Server | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection. | |||||
| CVE-2019-9155 | 1 Openpgpjs | 1 Openpgpjs | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. | |||||
| CVE-2019-9154 | 1 Openpgpjs | 1 Openpgpjs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. | |||||
| CVE-2019-9153 | 1 Openpgpjs | 1 Openpgpjs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing their signatures with a "standalone" or "timestamp" signature. | |||||
| CVE-2019-9152 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. | |||||
| CVE-2019-9151 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. | |||||
| CVE-2019-9150 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported. | |||||
| CVE-2019-9149 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope. | |||||
| CVE-2019-9148 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. | |||||
| CVE-2019-9147 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. | |||||
| CVE-2019-9146 | 1 Jamf | 1 Self Service | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
| Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream. | |||||
| CVE-2019-9145 | 1 Hsycms | 1 Hsycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page. | |||||
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9143 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
| CVE-2019-9141 | 1 Imgtech | 1 Zoneplayer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. | |||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| When processing the Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, and sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | |||||
| CVE-2019-9139 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | |||||
| CVE-2019-9138 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | |||||
| CVE-2019-9137 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | |||||
