Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0314 | 1 Sap | 2 Inventory Manager, Work Manager | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | |||||
| CVE-2019-7876 | 1 Magento | 1 Magento | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. | |||||
| CVE-2019-0172 | 1 Intel | 1 Unite | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-9485 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-0838 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839. | |||||
| CVE-2019-8387 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. | |||||
| CVE-2019-10922 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-2771 | 1 Oracle | 1 Bi Publisher | 2024-02-28 | 6.0 MEDIUM | 8.2 HIGH |
| Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of BI Publisher (formerly XML Publisher). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L). | |||||
| CVE-2019-0643 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. | |||||
| CVE-2019-15698 | 1 Octopus | 1 Octopus Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | |||||
| CVE-2019-0960 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1014, CVE-2019-1017. | |||||
| CVE-2019-2778 | 4 Canonical, Fedoraproject, Oracle and 1 more | 8 Ubuntu Linux, Fedora, Mysql and 5 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). | |||||
| CVE-2019-6616 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. | |||||
| CVE-2019-0702 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | |||||
| CVE-2019-9600 | 1 Theolivetree | 1 Ftp Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets. | |||||
| CVE-2019-5802 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-5927 | 1 Hp | 1 Support Assistant | 2024-02-28 | 4.1 MEDIUM | 7.3 HIGH |
| HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. | |||||
| CVE-2019-4045 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | |||||
| CVE-2019-5954 | 1 Jreast | 1 Jr East Japan | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors. | |||||