Export limit exceeded: 348207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25204 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | ||||
| CVE-2019-7312 | 1 Primx | 3 Zed, Zedmail, Zonecentral | 2024-11-21 | N/A |
| Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it. | ||||
| CVE-2019-7308 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-11-21 | N/A |
| kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | ||||
| CVE-2019-7305 | 3 Canonical, Debian, Extplorer | 3 Ubuntu Linux, Debian Linux, Extplorer | 2024-11-21 | 5.8 Medium |
| Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian | ||||
| CVE-2019-7292 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 6.5 Medium |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2019-7259 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 8.8 High |
| Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | ||||
| CVE-2019-7222 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2024-11-21 | 5.5 Medium |
| The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | ||||
| CVE-2019-7217 | 1 Citrix | 1 Sharefile | 2024-11-21 | N/A |
| Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required. | ||||
| CVE-2019-7178 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.2 High |
| Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | ||||
| CVE-2019-7005 | 1 Avaya | 1 Ip Office | 2024-11-21 | 7.5 High |
| A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. | ||||
| CVE-2019-6852 | 1 Schneider-electric | 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more | 2024-11-21 | 7.5 High |
| A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | ||||
| CVE-2019-6851 | 1 Schneider-electric | 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more | 2024-11-21 | 7.5 High |
| A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. | ||||
| CVE-2019-6850 | 1 Schneider-electric | 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more | 2024-11-21 | 7.5 High |
| A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. | ||||
| CVE-2019-6849 | 1 Schneider-electric | 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more | 2024-11-21 | 7.5 High |
| A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. | ||||
| CVE-2019-6792 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. | ||||
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | ||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.1 Medium |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | ||||
| CVE-2019-6690 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 7.5 High |
| python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | ||||
| CVE-2019-6663 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 5.5 Medium |
| The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | ||||
| CVE-2019-6654 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.3 Medium |
| On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | ||||