Vulnerabilities (CVE)

Total 309476 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16925 1 Flower Project 1 Flower 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access.
CVE-2019-16924 1 Nuvending 1 Nulock 2024-11-21 3.3 LOW 8.8 HIGH
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.
CVE-2019-16923 1 Kkcms Project 1 Kkcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
kkcms 1.3 has jx.php?url= XSS.
CVE-2019-16922 1 Salesagility 1 Suitecrm 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
CVE-2019-16921 1 Linux 1 Linux Kernel 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
CVE-2019-16919 2 Linuxfoundation, Vmware 3 Harbor, Cloud Foundation, Harbor Container Registry 2024-11-21 5.0 MEDIUM 7.5 HIGH
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
CVE-2019-16917 1 Wikidsystems 1 Two Factor Authentication Enterprise Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
CVE-2019-16915 1 Netgate 1 Pfsense 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
CVE-2019-16914 1 Netgate 1 Pfsense 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
CVE-2019-16913 1 Pcprotect 1 Antivirus 2024-11-21 7.2 HIGH 7.8 HIGH
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.
CVE-2019-16910 3 Arm, Debian, Fedoraproject 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more 2024-11-21 2.6 LOW 5.3 MEDIUM
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
CVE-2019-16909 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
CVE-2019-16908 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.
CVE-2019-16907 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
CVE-2019-16906 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user.
CVE-2019-16904 1 Teampass 1 Teampass 2024-11-21 3.5 LOW 5.4 MEDIUM
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
CVE-2019-16903 1 Plutinosoft 1 Platinum 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead.
CVE-2019-16902 1 Reputeinfosystems 1 Arforms 2024-11-21 6.4 MEDIUM 7.5 HIGH
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
CVE-2019-16901 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
CVE-2019-16900 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.