ReportizFlow
Filtered by vendor
Subscriptions
Total
12642 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12290 | 1 Gnu | 1 Libidn2 | 2024-11-21 | 7.5 High |
| GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. | ||||
| CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-11-21 | 9.8 Critical |
| In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | ||||
| CVE-2019-11998 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2024-11-21 | 5.5 Medium |
| HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product. | ||||
| CVE-2019-11980 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11968 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11967 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11857 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 9.1 Critical |
| Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. | ||||
| CVE-2019-11832 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
| TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | ||||
| CVE-2019-11781 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.8 High |
| Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. | ||||
| CVE-2019-11716 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11714 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11698 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-11-21 | N/A |
| If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||||
| CVE-2019-11697 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. | ||||
| CVE-2019-11696 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. | ||||
| CVE-2019-11595 | 1 Ublockorigin | 1 Ublock Origin | 2024-11-21 | N/A |
| In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | ||||
| CVE-2019-11500 | 4 Debian, Dovecot, Fedoraproject and 1 more | 5 Debian Linux, Dovecot, Pigeonhole and 2 more | 2024-11-21 | N/A |
| In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | ||||
| CVE-2019-11460 | 1 Gnome | 1 Gnome-desktop | 2024-11-21 | N/A |
| An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | ||||
| CVE-2019-11417 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | N/A |
| system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. | ||||
| CVE-2019-11340 | 1 Matrix | 1 Sydent | 2024-11-21 | N/A |
| util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on [email protected]@good.example.com returns the [email protected] substring. | ||||
| CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | 8.6 High |
| Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | ||||