ReportizFlow
Filtered by vendor
Subscriptions
Total
34023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12418 | 7 Apache, Canonical, Debian and 4 more | 7 Tomcat, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 7.0 High |
| When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | ||||
| CVE-2019-12413 | 1 Apache | 1 Superset | 2024-11-21 | 5.3 Medium |
| In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | ||||
| CVE-2019-12305 | 1 Actions-micro | 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware | 2024-11-21 | 6.5 Medium |
| In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. | ||||
| CVE-2019-12301 | 1 Percona | 1 Percona Server | 2024-11-21 | N/A |
| The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2. | ||||
| CVE-2019-12292 | 1 Citrix | 1 Appdna | 2024-11-21 | N/A |
| Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | ||||
| CVE-2019-12291 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A |
| HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured. | ||||
| CVE-2019-12278 | 1 Opera | 1 Opera | 2024-11-21 | 4.3 Medium |
| Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL. | ||||
| CVE-2019-12262 | 3 Belden, Siemens, Windriver | 42 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 39 more | 2024-11-21 | 9.8 Critical |
| Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | ||||
| CVE-2019-12248 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. | ||||
| CVE-2019-12243 | 1 Istio | 1 Istio | 2024-11-21 | N/A |
| Istio 1.1.x through 1.1.6 has Incorrect Access Control. | ||||
| CVE-2019-12210 | 1 Yubico | 1 Pam-u2f | 2024-11-21 | N/A |
| In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation. | ||||
| CVE-2019-12204 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 9.8 Critical |
| In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | ||||
| CVE-2019-12180 | 1 Smartbear | 2 Readyapi, Soapui | 2024-11-21 | 7.8 High |
| An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. | ||||
| CVE-2019-12165 | 1 Mitel | 2 Micollab, Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 9.8 Critical |
| MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. | ||||
| CVE-2019-12164 | 1 Status | 1 React Native Desktop | 2024-11-21 | N/A |
| ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution. | ||||
| CVE-2019-12163 | 1 Gatship | 1 Web Module | 2024-11-21 | 5.3 Medium |
| GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request. | ||||
| CVE-2019-12135 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-11-21 | N/A |
| An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector. | ||||
| CVE-2019-12124 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.1 Critical |
| An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | ||||
| CVE-2019-12098 | 4 Debian, Fedoraproject, Heimdal Project and 1 more | 5 Debian Linux, Fedora, Heimdal and 2 more | 2024-11-21 | 7.4 High |
| In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | ||||
| CVE-2019-12002 | 1 Hpe | 12 Msa 1040, Msa 1040 Firmware, Msa 1050 and 9 more | 2024-11-21 | 9.8 Critical |
| A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | ||||