Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7439 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. | |||||
| CVE-2019-2629 | 1 Oracle | 1 Health Sciences Data Management Workbench | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Health Sciences Data Management Workbench component of Oracle Health Sciences Applications (subcomponent: User Interface). The supported version that is affected is 2.4.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences Data Management Workbench accessible data as well as unauthorized read access to a subset of Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2019-4088 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. | |||||
| CVE-2019-6641 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack. | |||||
| CVE-2019-11661 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 6.5 MEDIUM | 8.3 HIGH |
| Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | |||||
| CVE-2019-11162 | 1 Intel | 1 Computing Improvement Program | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2019-2623 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-0962 | 1 Microsoft | 1 Azure Automation | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1037 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0845 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. | |||||
| CVE-2019-11650 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. | |||||
| CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| DOSBox 0.74-2 has Incorrect Access Control. | |||||
| CVE-2019-12532 | 1 Insyde | 6 H2oelv, H2offt, H2ooae and 3 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08. | |||||
| CVE-2019-2745 | 6 Canonical, Debian, Hp and 3 more | 7 Ubuntu Linux, Debian Linux, Xp7 Command View and 4 more | 2024-02-28 | 1.9 LOW | 5.1 MEDIUM |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2019-5392 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-8456 | 1 Checkpoint | 1 Ipsec Vpn | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | |||||
| CVE-2018-17486 | 1 Jollytech | 1 Lobby Track | 2024-02-28 | 3.6 LOW | 5.5 MEDIUM |
| Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host. | |||||
| CVE-2018-19359 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. | |||||
| CVE-2019-2663 | 1 Oracle | 1 Advanced Outbound Telephony | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2018-12550 | 1 Eclipse | 1 Mosquitto | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | |||||