Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15685 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable product security features such as private browsing and anti-banner. Bypass. | |||||
| CVE-2019-15686 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2020-08-24 | 5.8 MEDIUM | 4.3 MEDIUM |
| In Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable various anti-virus protection features. DoS, Bypass. | |||||
| CVE-2019-15650 | 1 Easyupdatesmanager | 1 Easy Updates Manager | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. | |||||
| CVE-2019-15657 | 1 Eslint-utils Project | 1 Eslint-utils | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. | |||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform a system backup config download they should not be authorized for. | |||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | |||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access a web console they should not be authorized for. | |||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2020-08-24 | 5.2 MEDIUM | 8.0 HIGH |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | |||||
| CVE-2019-1572 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | |||||
| CVE-2019-15737 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | |||||
| CVE-2019-15742 | 1 Plantronics | 1 Plantronics Hub | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. | |||||
| CVE-2019-3597 | 1 Mcafee | 1 Network Security Manager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | |||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | |||||
| CVE-2019-15821 | 1 Bold-themes | 1 Bold Page Builder | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | |||||
| CVE-2018-0849 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | |||||
| CVE-2018-0845 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | |||||
| CVE-2018-2858 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-0848 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | |||||
| CVE-2018-14768 | 1 Vivotek | 1 Camera | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | |||||
| CVE-2018-14770 | 1 Vivotek | 1 Camera | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). | |||||
