Total
12531 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8561 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges. | ||||
| CVE-2019-8549 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 7.8 High |
| Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-8516 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 7.5 High |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. | ||||
| CVE-2019-8515 | 2 Apple, Redhat | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 6.5 Medium |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | ||||
| CVE-2019-8507 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.5 Medium |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination. | ||||
| CVE-2019-8503 | 2 Apple, Redhat | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 8.8 High |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | ||||
| CVE-2019-8502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 3.3 Low |
| An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. | ||||
| CVE-2019-8379 | 4 Advancemame, Debian, Fedoraproject and 1 more | 7 Advancecomp, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||
| CVE-2019-8324 | 4 Debian, Opensuse, Redhat and 1 more | 9 Debian Linux, Leap, Cloudforms Managementengine and 6 more | 2024-11-21 | 8.8 High |
| An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | ||||
| CVE-2019-7959 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | N/A |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7899 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | ||||
| CVE-2019-7898 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | ||||
| CVE-2019-7885 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | ||||
| CVE-2019-7843 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | N/A |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | ||||
| CVE-2019-7617 | 1 Elastic | 1 Apm Agent | 2024-11-21 | N/A |
| When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. | ||||
| CVE-2019-7610 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
| Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2019-7589 | 1 Johnsoncontrols | 1 Entrapass | 2024-11-21 | 9.8 Critical |
| A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. | ||||
| CVE-2019-7443 | 4 Fedoraproject, Kde, Opensuse and 1 more | 5 Fedora, Kauth, Backports and 2 more | 2024-11-21 | N/A |
| KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. | ||||
| CVE-2019-7412 | 1 Ps Phpcaptcha Wp Project | 1 Ps Phpcaptcha Wp | 2024-11-21 | N/A |
| The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | ||||
| CVE-2019-7292 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 6.5 Medium |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||