Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1453 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | |||||
| CVE-2019-14596 | 1 Intel | 1 Chipset Inf Utility | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-1460 | 1 Microsoft | 1 Outlook | 2020-08-24 | 3.5 LOW | 4.6 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | |||||
| CVE-2019-1461 | 1 Microsoft | 3 Office, Office 365 Proplus, Word | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | |||||
| CVE-2019-14654 | 1 Joomla | 1 Joomla\! | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | |||||
| CVE-2019-14707 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI. | |||||
| CVE-2019-1476 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. | |||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | |||||
| CVE-2019-1477 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-14773 | 1 Webcraftic | 1 Woody Ad Snippets | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | |||||
| CVE-2019-1478 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-14783 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||
| CVE-2019-6590 | 1 F5 | 1 Big-ip Local Traffic Manager | 2020-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. | |||||
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-1488 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-14920 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature. | |||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | |||||
| CVE-2019-14986 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2020-08-24 | 9.3 HIGH | 8.1 HIGH |
| eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. | |||||
| CVE-2019-15009 | 1 Atlassian | 2 Crucible, Fisheye | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||||
| CVE-2019-15024 | 1 Yandex | 1 Clickhouse | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem. | |||||