Total
248911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1224 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225. | |||||
| CVE-2019-3802 | 1 Pivotal Software | 1 Spring Data Java Persistance Api | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. | |||||
| CVE-2019-12572 | 2 Londontrustmedia, Microsoft | 2 Private Internet Access, Windows | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts. | |||||
| CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | |||||
| CVE-2017-7912 | 1 Hanwhasecurity | 2 Srn-4000, Srn-4000 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | |||||
| CVE-2019-0666 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772. | |||||
| CVE-2019-9274 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-4029 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. | |||||
| CVE-2019-2101 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968. | |||||
| CVE-2019-8041 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2018-1720 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294. | |||||
| CVE-2019-12821 | 1 Jisiwei | 2 I3, I3 Firmware | 2023-12-10 | 5.8 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial "JSW" substring followed by a six digit number that depends on the specific device. | |||||
| CVE-2019-3927 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface. | |||||
| CVE-2019-13286 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. | |||||
| CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | |||||
| CVE-2019-14804 | 1 Una | 1 Una | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | |||||
| CVE-2019-7122 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | |||||
| CVE-2019-0173 | 1 Intel | 1 Raid Web Console 2 | 2023-12-10 | 5.8 MEDIUM | 7.6 HIGH |
| Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. | |||||