Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14820 | 1 Redhat | 7 Jboss Enterprise Application Platform, Jboss Fuse, Jboss Single Sign On and 4 more | 2024-11-21 | 4.3 Medium |
| It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | ||||
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | ||||
| CVE-2019-14666 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.8 High |
| GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. | ||||
| CVE-2019-14540 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 28 Debian Linux, Jackson-databind, Fedora and 25 more | 2024-11-21 | 9.8 Critical |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. | ||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 9.8 Critical |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | ||||
| CVE-2019-14439 | 6 Apache, Debian, Fasterxml and 3 more | 20 Drill, Debian Linux, Jackson-databind and 17 more | 2024-11-21 | 7.5 High |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | ||||
| CVE-2019-14367 | 1 Slack-chat Project | 1 Slack-chat | 2024-11-21 | 7.5 High |
| Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | ||||
| CVE-2019-14366 | 1 Slack | 1 Wp Slacksync | 2024-11-21 | 7.5 High |
| WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | ||||
| CVE-2019-14365 | 1 Intercom | 1 Intercom | 2024-11-21 | 7.5 High |
| The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | ||||
| CVE-2019-14301 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2024-11-21 | 7.5 High |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2019-14280 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A |
| In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. | ||||
| CVE-2019-13744 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13737 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2019-13557 | 1 Philips | 2 Tasy Emr, Tasy Webportal | 2024-11-21 | 5.3 Medium |
| In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | ||||
| CVE-2019-13523 | 1 Honeywell | 118 H2w2pc1m, H2w2pc1m Firmware, H2w2per3 and 115 more | 2024-11-21 | 5.3 Medium |
| In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. | ||||
| CVE-2019-13457 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on. | ||||
| CVE-2019-13456 | 4 Freeradius, Linux, Opensuse and 1 more | 4 Freeradius, Linux Kernel, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. | ||||
| CVE-2019-13421 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. | ||||
| CVE-2019-13420 | 1 Search-guard | 1 Search Guard | 2024-11-21 | 5.9 Medium |
| Search Guard versions before 21.0 had an timing side channel issue when using the internal user database. | ||||
| CVE-2019-13419 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | ||||