Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16207 | 1 Omron | 1 Poweract Pro Master Agent | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. | |||||
| CVE-2019-5528 | 1 Vmware | 1 Esxi | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. | |||||
| CVE-2019-4275 | 1 Ibm | 1 Jazz For Service Management | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. | |||||
| CVE-2019-15028 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
| CVE-2019-4163 | 1 Ibm | 1 Storediq | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. | |||||
| CVE-2019-9461 | 1 Google | 1 Android | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9835 | 1 Fujitsu | 4 Gk900, Gk900 Firmware, Lx901 and 1 more | 2024-02-28 | 5.8 MEDIUM | 9.6 CRITICAL |
| The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | |||||
| CVE-2019-11211 | 1 Tibco | 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. | |||||
| CVE-2018-7125 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-4298 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. | |||||
| CVE-2019-12499 | 1 Firejail Project | 1 Firejail | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736. | |||||
| CVE-2019-15330 | 1 Webp Express Project | 1 Webp Express | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | |||||
| CVE-2019-6628 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier. | |||||
| CVE-2019-1246 | 1 Microsoft | 10 Office, Office 365 Proplus, Windows 10 and 7 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2018-14714 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. | |||||
| CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
| CVE-2019-14728 | 1 Control-webpanel | 1 Webpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | |||||
| CVE-2019-6160 | 1 Lenovo | 13 Home Media Network Hard Drive, Home Media Network Hard Drive Firmware, Ix12-300r and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. | |||||
| CVE-2019-9178 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5). | |||||
| CVE-2019-2708 | 1 Oracle | 1 Berkeley Db | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||