Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2516 | 1 Oracle | 1 Database Server | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2019-2600 | 1 Oracle | 1 Email Center | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2018-17493 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | |||||
| CVE-2019-0875 | 1 Microsoft | 1 Azure Devops Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-4293 | 1 Ibm | 1 Storwize Unified V7000 Software | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. | |||||
| CVE-2019-11143 | 1 Intel | 1 Authenticate | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-5493 | 1 Netapp | 1 Data Ontap | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | |||||
| CVE-2019-5933 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'. | |||||
| CVE-2019-1008 | 1 Microsoft | 2 Dynamics 365, Dynamics Crm 2015 | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. | |||||
| CVE-2019-4210 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. | |||||
| CVE-2019-11415 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. | |||||
| CVE-2019-2656 | 1 Oracle | 1 Vm Virtualbox | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-17196 | 1 Apache | 1 Kafka | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed. | |||||
| CVE-2019-2625 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-17494 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | |||||
| CVE-2019-2854 | 1 Oracle | 1 Outside In Technology | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2019-15293 | 1 Acdsee | 1 Photo Studio | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060. | |||||
| CVE-2019-5686 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. | |||||
| CVE-2019-2786 | 5 Canonical, Hp, Opensuse and 2 more | 11 Ubuntu Linux, Xp7 Command View, Leap and 8 more | 2024-02-28 | 2.6 LOW | 3.4 LOW |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). | |||||
| CVE-2019-15824 | 1 Wpserveur | 1 Wps Hide Login | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | |||||