ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-3000 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Admin... | S | |
CVE-2019-3001 | Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component:... | S | |
CVE-2019-3002 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3003 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th... | S | |
CVE-2019-3004 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported ver... | S | |
CVE-2019-3005 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3008 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The support... | S | |
CVE-2019-3009 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported... | S | |
CVE-2019-3010 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The support... | KEV E S | |
CVE-2019-3011 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported vers... | S | |
CVE-2019-3012 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middle... | S | |
CVE-2019-3014 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Perf... | S | |
CVE-2019-3015 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Inte... | S | |
CVE-2019-3016 | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memo... | S | |
CVE-2019-3017 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3018 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th... | S | |
CVE-2019-3019 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applicat... | S | |
CVE-2019-3020 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construc... | S | |
CVE-2019-3021 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3022 | Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content).... | S | |
CVE-2019-3023 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Styl... | S | |
CVE-2019-3024 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin... | S | |
CVE-2019-3025 | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications.... | E S | |
CVE-2019-3026 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3027 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component... | S | |
CVE-2019-3028 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3031 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2019-3309 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2019-3394 | There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via ... | S | |
CVE-2019-3395 | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed v... | S | |
CVE-2019-3396 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version f... | KEV E S | |
CVE-2019-3397 | Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the f... | M | |
CVE-2019-3398 | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments r... | KEV E S | |
CVE-2019-3399 | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before versio... | | |
CVE-2019-3400 | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows ... | | |
CVE-2019-3401 | The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version ... | | |
CVE-2019-3402 | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before v... | | |
CVE-2019-3403 | The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before v... | | |
CVE-2019-3404 | By adding some special fields to the uri of router app function, the user could abuse background app ... | | |
CVE-2019-3405 | In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deau... | | |
CVE-2019-3409 | All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by comman... | | |
CVE-2019-3410 | All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-... | | |
CVE-2019-3411 | All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. ... | | |
CVE-2019-3412 | All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability.... | | |
CVE-2019-3413 | All versions up to V20.18.40.R7.B1 of ZTE NetNumen DAP product have an XSS vulnerability. Due to the ... | | |
CVE-2019-3414 | All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, wh... | | |
CVE-2019-3415 | ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path... | | |
CVE-2019-3416 | All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulne... | | |
CVE-2019-3417 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerabi... | | |
CVE-2019-3418 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulner... | | |
CVE-2019-3419 | A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2... | | |
CVE-2019-3420 | All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vu... | | |
CVE-2019-3421 | The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a... | | |
CVE-2019-3422 | The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to Z... | | |
CVE-2019-3423 | Permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 s... | | |
CVE-2019-3424 | Authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart cam... | | |
CVE-2019-3425 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vuln... | | |
CVE-2019-3426 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the ... | | |
CVE-2019-3427 | The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. A... | | |
CVE-2019-3428 | The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerabili... | | |
CVE-2019-3429 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerabili... | | |
CVE-2019-3430 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure ... | | |
CVE-2019-3431 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulner... | | |
CVE-2019-3459 | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel be... | E S | |
CVE-2019-3460 | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux ker... | E S | |
CVE-2019-3461 | Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() whi... | | |
CVE-2019-3462 | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and ea... | S | |
CVE-2019-3463 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, ... | | |
CVE-2019-3464 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions impos... | | |
CVE-2019-3465 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, perform... | S | |
CVE-2019-3466 | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when c... | E S | |
CVE-2019-3467 | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debi... | E S | |
CVE-2019-3468 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3469 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3470 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3471 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3472 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3473 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-3474 | Path traversal vulnerability in Filr web application | E | |
CVE-2019-3475 | Local privilege escalation in Filr famtd | E | |
CVE-2019-3476 | Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability coul... | | |
CVE-2019-3477 | Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.... | | |
CVE-2019-3479 | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3480 | Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3481 | Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3482 | Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3483 | Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3484 | Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.... | | |
CVE-2019-3485 | ArcSight Logger stored cross site script issue in version prior to 6.7.1 | S | |
CVE-2019-3486 | ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1 | S | |
CVE-2019-3489 | An unauthenticated file upload vulnerability has been identified in the Web Client component of Micr... | | |
CVE-2019-3490 | A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Ser... | | |
CVE-2019-3493 | A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.... | | |
CVE-2019-3494 | Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter... | E | |
CVE-2019-3495 | An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nd... | E | |
CVE-2019-3496 | An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_... | E | |
CVE-2019-3497 | An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping ... | E | |
CVE-2019-3498 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutraliza... | S | |
CVE-2019-3500 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and pass... | S | |
CVE-2019-3501 | The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandl... | E | |
CVE-2019-3552 | C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of ... | S | |
CVE-2019-3553 | C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes la... | S | |
CVE-2019-3554 | Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leadin... | S | |
CVE-2019-3556 | HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of t... | S | |
CVE-2019-3557 | The implementations of streams for bz2 and php://output improperly implemented their readImpl functi... | S | |
CVE-2019-3558 | Python Facebook Thrift servers would not error upon receiving messages with containers of fields of ... | S | |
CVE-2019-3559 | Java Facebook Thrift servers would not error upon receiving messages with containers of fields of un... | S | |
CVE-2019-3560 | An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infi... | S | |
CVE-2019-3561 | Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds me... | | |
CVE-2019-3562 | A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker ... | | |
CVE-2019-3563 | Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a ... | S | |
CVE-2019-3564 | Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unkn... | S | |
CVE-2019-3565 | Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messag... | S | |
CVE-2019-3566 | A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who h... | | |
CVE-2019-3567 | In some configurations an attacker can inject a new executable path into the extensions.load file fo... | | |
CVE-2019-3568 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially c... | KEV | |
CVE-2019-3569 | HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could... | S | |
CVE-2019-3570 | Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted ... | S | |
CVE-2019-3571 | An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows maliciou... | | |
CVE-2019-3572 | An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function wri... | E | |
CVE-2019-3573 | In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fr... | E | |
CVE-2019-3574 | In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file l... | E | |
CVE-2019-3575 | Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text ar... | E | |
CVE-2019-3576 | inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure ... | | |
CVE-2019-3577 | An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows ... | | |
CVE-2019-3578 | MyBB 1.8.19 has XSS in the resetpassword function.... | | |
CVE-2019-3579 | MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the usernam... | | |
CVE-2019-3580 | OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the ... | E | |
CVE-2019-3581 | McAfee Web Gateway denial of service attack due to Improper Input Validation | S | |
CVE-2019-3582 | McAfee Endpoint Security updates fix a privilege escalation vulnerability | | |
CVE-2019-3584 | Exploitation of Authentication vulnerability | | |
CVE-2019-3585 | VSE Escalation of Privileges through Alert pop-up window | | |
CVE-2019-3586 | McAfee Endpoint Security firewall not always acting on GTI lookup results | | |
CVE-2019-3587 | DLL Search Order Hijacking vulnerability | | |
CVE-2019-3588 | Using VSE to bypass Windows Credentials on Lock screen | | |
CVE-2019-3591 | DLP Endpoint ePO extension vulnerable to XSS | | |
CVE-2019-3592 | MA for Windows update addresses weak directory permissions | | |
CVE-2019-3593 | Exploitation of Privilege/Trust vulnerability | | |
CVE-2019-3595 | DLP Endpoint ePO extension not sanitizing CSV exports | | |
CVE-2019-3597 | Authentication bypass in McAfee Network Security Manager 9.x | | |
CVE-2019-3598 | McAfee Agent update fixes a vulnerability in handling UDP requests | | |
CVE-2019-3599 | McAfee Agent update fixes an Information Disclosure vulnerability | | |
CVE-2019-3602 | Cross site scripting vulnerability in McAfee NSM impacting authenticated users | | |
CVE-2019-3604 | ePolicy Orchestrator Cloud update fixes multiple Cross-Site Request Forgery vulnerabilities | | |
CVE-2019-3606 | Data leakage when in an MDR pair by McAfee Network Security Manager 9.x | | |
CVE-2019-3610 | True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability | | |
CVE-2019-3612 | Information disclosure vulnerability in McAfee TIE Server and DXL Platform | | |
CVE-2019-3613 | DLL search order hijacking in MA | | |
CVE-2019-3615 | Data Leakage Vulnerability in McAfee Database Security web interface | | |
CVE-2019-3617 | Privilege escalation in ToPS for Mac | | |
CVE-2019-3619 | Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x... | | |
CVE-2019-3621 | DLP Endpoint Windows lock screen bypass with physical access | | |
CVE-2019-3622 | DLP Endpoint log file redirection to arbitrary locations | | |
CVE-2019-3628 | Privilege escalation could allow authenticated user to gain access to a core system | | |
CVE-2019-3629 | Application protections bypass vulnerability could allow unauthenticated user to impersonate system users | | |
CVE-2019-3630 | Command Injection could allow authenticated users to execute arbitrary code | | |
CVE-2019-3631 | Command Injection could allow authenticated users to execute arbitrary code | | |
CVE-2019-3632 | Directory Traversal vulnerability could lead to elevated privileges | | |
CVE-2019-3633 | Buffer overflow in DLP Endpoint for Windows | | |
CVE-2019-3634 | Buffer overflow in DLP Endpoint for Windows | | |
CVE-2019-3635 | MWG Proxy: Cross-Frame Scripting vulnerability | | |
CVE-2019-3636 | File masquerade attack vulnerability in McAfee Total Protection | | |
CVE-2019-3637 | Privilege Escalation vulnerability in FRP 5.x earlier than 5.1.0.209 | | |
CVE-2019-3638 | Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability | | |
CVE-2019-3639 | MWG UI: Cross-Frame Scripting vulnerability | | |
CVE-2019-3640 | Data Loss Prevention - Unprotected Transport of Credentials | | |
CVE-2019-3641 | Exploitation of Authorization in TIE Server | | |
CVE-2019-3643 | MWG scanners updated to address CVE-2019-9511 | | |
CVE-2019-3644 | MWG scanners updated to address CVE-2019-9517 | | |
CVE-2019-3646 | McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability | | |
CVE-2019-3648 | Implicit loading of DLLs | | |
CVE-2019-3649 | Advanced Threat Defense (ATD) - Information Disclosure vulnerability | | |
CVE-2019-3650 | Advanced Threat Defense (ATD) - Information Disclosure vulnerability | | |
CVE-2019-3651 | Advanced Threat Defense (ATD) - Information Disclosure vulnerability | | |
CVE-2019-3652 | ENS code injection in EPSetup.exe | | |
CVE-2019-3653 | ESConfig Tool access not controlled | | |
CVE-2019-3654 | Client Proxy (MCP) - Authentication Bypass vulnerability | | |
CVE-2019-3660 | Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests | | |
CVE-2019-3661 | Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | | |
CVE-2019-3662 | Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability | | |
CVE-2019-3663 | Advanced Threat Defense (ATD) - Unprotected storage of shared credentials vulnerability | | |
CVE-2019-3665 | Code Injection vulnerability | | |
CVE-2019-3666 | API Abuse Vulnerability | | |
CVE-2019-3667 | DLL Search Order Hijacking | | |
CVE-2019-3670 | Remote Code Execution vulnerability | | |
CVE-2019-3681 | osc: stores downloaded (supposed) RPM in network-controlled filesystem paths | E | |
CVE-2019-3682 | Insecure API port exposed to all Master Node guest containers | | |
CVE-2019-3683 | keystone_json_assignment backend granted access to any project for users in user-project-map.json | | |
CVE-2019-3684 | susemanager installer creates world-readable swap files | E | |
CVE-2019-3685 | Missing TLS certificate validation for HTTPS connections in osc | E S | |
CVE-2019-3686 | XSS in distri and version parameter in openQA | | |
CVE-2019-3687 | "easy" permission profile allows everyone execute dumpcap and read all network traffic | | |
CVE-2019-3688 | squid: /usr/sbin/pinger packaged with wrong permission | | |
CVE-2019-3689 | nfs-utils: root-owned files stored in insecure /var/lib/nfs directory | S | |
CVE-2019-3690 | chkstat follows untrusted symbolic links | | |
CVE-2019-3691 | Local privilege escalation from user munge to root | E | |
CVE-2019-3692 | Local privilege escalation from user news to root in the packaging of inn | E | |
CVE-2019-3693 | Local privilege escalation from user wwwrun to root in the packaging of mailman | | |
CVE-2019-3694 | Local privilege escalation from munin to root in the packaging of munin | | |
CVE-2019-3695 | pcp: Local privilege escalation from user pcp to root | E | |
CVE-2019-3696 | pcp: Local privilege escalation from user pcp to root through migrate_tempdirs | E | |
CVE-2019-3697 | Local privilege escalation from user gnump3d to root | E | |
CVE-2019-3698 | nagios cron job allows privilege escalation from user nagios to root | E S | |
CVE-2019-3699 | Local privilege escalation from user privoxy to root | | |
CVE-2019-3700 | yast: Fallback to DES without configuration in /etc/login.def | | |
CVE-2019-3701 | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The C... | E S | |
CVE-2019-3702 | A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows re... | E | |
CVE-2019-3704 | VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command inj... | | |
CVE-2019-3705 | Buffer Overflow Vulnerability | | |
CVE-2019-3706 | Web Interface Authentication Bypass Vulnerability | | |
CVE-2019-3707 | WS-MAN Authentication Bypass Vulnerability | | |
CVE-2019-3708 | Cross-Site Scripting Vulnerability in OVA file upload feature | | |
CVE-2019-3709 | Cross-Site Scripting Vulnerability while registering vCenter servers | | |
CVE-2019-3710 | DSA-2019-034: Dell EMC Networking OS10 Undocumented Default Cryptographic Key Vulnerability | | |
CVE-2019-3711 | DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability | | |
CVE-2019-3712 | DSA-2019-039: Dell Wyse Device Agent Buffer Overflow Vulnerability | S | |
CVE-2019-3715 | Information Exposure Vulnerability | | |
CVE-2019-3716 | Information Exposure Vulnerability | | |
CVE-2019-3717 | Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An un... | | |
CVE-2019-3718 | Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerabi... | | |
CVE-2019-3719 | Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. ... | S | |
CVE-2019-3720 | Directory Traversal Vulnerability | | |
CVE-2019-3721 | Improper Range Header Processing Vulnerability | | |
CVE-2019-3722 | XML External Entity (XXE) Injection Vulnerability | | |
CVE-2019-3723 | Web Parameter Tampering Vulnerability | | |
CVE-2019-3724 | Authorization Bypass Vulnerability - RSA Netwitness Platform | | |
CVE-2019-3725 | Command Injection vulnerability | | |
CVE-2019-3726 | An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) ... | | |
CVE-2019-3727 | OS command injection vulnerability | | |
CVE-2019-3728 | RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, R... | | |
CVE-2019-3729 | RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerabl... | | |
CVE-2019-3730 | RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.... | | |
CVE-2019-3731 | RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior ... | | |
CVE-2019-3732 | RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3... | | |
CVE-2019-3733 | RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different ... | | |
CVE-2019-3734 | Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulner... | | |
CVE-2019-3735 | Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2... | | |
CVE-2019-3736 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulne... | | |
CVE-2019-3737 | Dell EMC Avamar Security Update for ADMe Web UI Vulnerability | | |
CVE-2019-3738 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step v... | S | |
CVE-2019-3739 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Dis... | S | |
CVE-2019-3740 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing ... | S | |
CVE-2019-3741 | Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vu... | | |
CVE-2019-3742 | Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerabil... | | |
CVE-2019-3744 | Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerabilit... | | |
CVE-2019-3745 | The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.... | | |
CVE-2019-3746 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authe... | | |
CVE-2019-3747 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scri... | | |
CVE-2019-3749 | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local ... | | |
CVE-2019-3750 | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local ... | | |
CVE-2019-3751 | Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certi... | S | |
CVE-2019-3752 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot... | S | |
CVE-2019-3753 | Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to... | | |
CVE-2019-3754 | Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions pri... | | |
CVE-2019-3756 | RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Inf... | | |
CVE-2019-3758 | RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. Th... | | |
CVE-2019-3759 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products pri... | | |
CVE-2019-3760 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products pri... | | |
CVE-2019-3761 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products pri... | | |
CVE-2019-3762 | Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate C... | | |
CVE-2019-3763 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products pri... | | |
CVE-2019-3764 | Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 version... | | |
CVE-2019-3765 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot... | | |
CVE-2019-3766 | Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication a... | | |
CVE-2019-3767 | Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell Imag... | | |
CVE-2019-3768 | RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A... | | |
CVE-2019-3769 | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerabili... | | |
CVE-2019-3770 | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerabili... | | |
CVE-2019-3772 | Spring Integration XML External Entity Injection (XXE) | S | |
CVE-2019-3773 | Spring Web Services XML External Entity Injection (XXE) | S | |
CVE-2019-3774 | Spring Batch XML External Entity Injection (XXE) | M | |
CVE-2019-3775 | UAA allows users to modify their own email address | | |
CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | | |
CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | | |
CVE-2019-3778 | Open Redirect in spring-security-oauth2 | | |
CVE-2019-3779 | Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD | | |
CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | | |
CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | | |
CVE-2019-3782 | CredHub CLI writes environment variable credentials to disk | | |
CVE-2019-3783 | Cloud Foundry Stratos Deploys With Public Default Session Store Secret | | |
CVE-2019-3784 | Cloud Foundry Stratos contains a Session Collision Vulnerability | | |
CVE-2019-3785 | Cloud Controller provides signed URL with write authorization to read only user | | |
CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | | |
CVE-2019-3787 | UAA defaults email address to an insecure domain | | |
CVE-2019-3788 | UAA redirect-uri allows wildcard in the subdomain | | |
CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | | |
CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | | |
CVE-2019-3791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | | |
CVE-2019-3793 | Invitations Service supports HTTP connections | | |
CVE-2019-3794 | UAA - Login app subject to clickjacking attack | | |
CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | | |
CVE-2019-3796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | | |
CVE-2019-3798 | Escalation of Privileges in Cloud Controller | | |
CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | S | |
CVE-2019-3800 | CF CLI writes the client id and secret to config file | | |
CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | | |
CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | | |
CVE-2019-3803 | Concourse includes token in CLI authentication callback | | |
CVE-2019-3804 | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly res... | S | |
CVE-2019-3805 | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are ab... | | |
CVE-2019-3806 | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are n... | | |
CVE-2019-3807 | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer... | | |
CVE-2019-3808 | A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earl... | S | |
CVE-2019-3809 | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack f... | S | |
CVE-2019-3810 | A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earl... | E S | |
CVE-2019-3811 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would r... | S | |
CVE-2019-3812 | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up t... | S | |
CVE-2019-3813 | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one e... | | |
CVE-2019-3814 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certi... | E | |
CVE-2019-3815 | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux... | | |
CVE-2019-3816 | Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because t... | | |
CVE-2019-3817 | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees ar... | E S | |
CVE-2019-3818 | The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform d... | S | |
CVE-2019-3819 | A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debu... | S | |
CVE-2019-3820 | It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict a... | E S | |
CVE-2019-3821 | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL ena... | | |
CVE-2019-3822 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The f... | E S | |
CVE-2019-3823 | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the cod... | E S | |
CVE-2019-3824 | A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of ... | S | |
CVE-2019-3825 | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, a... | E M | |
CVE-2019-3826 | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. A... | S | |
CVE-2019-3827 | An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allo... | S | |
CVE-2019-3828 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which ... | S | |
CVE-2019-3829 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double fr... | E S | |
CVE-2019-3830 | A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilo... | S | |
CVE-2019-3831 | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The s... | S | |
CVE-2019-3832 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read b... | E S | |
CVE-2019-3833 | Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection... | | |
CVE-2019-3834 | It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). T... | | |
CVE-2019-3835 | It was found that the superexec operator was available in the internal dictionary in ghostscript bef... | | |
CVE-2019-3836 | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer acc... | E | |
CVE-2019-3837 | It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thre... | S | |
CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostsc... | S | |
CVE-2019-3839 | It was found that in ghostscript some privileged operators remained accessible from various places a... | S | |
CVE-2019-3840 | A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets in... | E S | |
CVE-2019-3841 | Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certific... | E M | |
CVE-2019-3842 | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the enviro... | E | |
CVE-2019-3843 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binar... | S | |
CVE-2019-3844 | It was discovered that a systemd service that uses DynamicUser property can get new privileges throu... | S | |
CVE-2019-3845 | A lack of access control was found in the message queues maintained by Satellite's QPID broker and u... | M | |
CVE-2019-3846 | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the ... | E S | |
CVE-2019-3847 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "... | S | |
CVE-2019-3848 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not cor... | S | |
CVE-2019-3849 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign thems... | S | |
CVE-2019-3850 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within ass... | S | |
CVE-2019-3851 | A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home w... | S | |
CVE-2019-3852 | A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users... | S | |
CVE-2019-3853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3855 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before... | S | |
CVE-2019-3856 | An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 befo... | S | |
CVE-2019-3857 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before... | S | |
CVE-2019-3858 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP pack... | S | |
CVE-2019-3859 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and... | S | |
CVE-2019-3860 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty... | S | |
CVE-2019-3861 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padd... | S | |
CVE-2019-3862 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST... | S | |
CVE-2019-3863 | A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive respon... | S | |
CVE-2019-3864 | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where P... | | |
CVE-2019-3865 | A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super us... | | |
CVE-2019-3866 | An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files ... | | |
CVE-2019-3867 | A vulnerability was found in the Quay web application. Sessions in the Quay web application never ex... | M | |
CVE-2019-3868 | Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the se... | | |
CVE-2019-3869 | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to p... | S | |
CVE-2019-3870 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.... | E S | |
CVE-2019-3871 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insuffi... | E S | |
CVE-2019-3872 | It was found that a SAMLRequest containing a script could be processed by Picketlink versions shippe... | | |
CVE-2019-3873 | It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept ... | | |
CVE-2019-3874 | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An... | S | |
CVE-2019-3875 | A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verificatio... | S | |
CVE-2019-3876 | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing ... | | |
CVE-2019-3877 | A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allo... | S | |
CVE-2019-3878 | A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse pr... | E S | |
CVE-2019-3879 | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggere... | | |
CVE-2019-3880 | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service... | S | |
CVE-2019-3881 | Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a stor... | S | |
CVE-2019-3882 | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the u... | S | |
CVE-2019-3883 | In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket will be ... | | |
CVE-2019-3884 | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spo... | | |
CVE-2019-3885 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in... | S | |
CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission wa... | E S | |
CVE-2019-3887 | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access wi... | S | |
CVE-2019-3888 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain tex... | | |
CVE-2019-3889 | A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions:... | | |
CVE-2019-3890 | It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An at... | | |
CVE-2019-3891 | It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satelli... | E M | |
CVE-2019-3892 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11599. Reason: This candidat... | R | |
CVE-2019-3893 | In Foreman it was discovered that the delete compute resource operation, when executed from the Fore... | | |
CVE-2019-3894 | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 t... | | |
CVE-2019-3895 | An access-control flaw was found in the Octavia service when the cloud platform was deployed using R... | M | |
CVE-2019-3896 | A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivi... | | |
CVE-2019-3897 | It has been discovered in redhat-certification that any unauthorized user may download any file unde... | | |
CVE-2019-3898 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3899 | It was found that default configuration of Heketi does not require any authentication potentially ex... | M | |
CVE-2019-3900 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including ... | S | |
CVE-2019-3901 | A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid prog... | S | |
CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to def... | | |
CVE-2019-3903 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-3905 | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.... | | |
CVE-2019-3906 | Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. ... | | |
CVE-2019-3907 | Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a k... | | |
CVE-2019-3908 | Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the ... | | |
CVE-2019-3909 | Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change th... | | |
CVE-2019-3910 | Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interfa... | E | |
CVE-2019-3911 | Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-... | E | |
CVE-2019-3912 | An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /_... | E | |
CVE-2019-3913 | Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authentica... | E | |
CVE-2019-3914 | Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.0... | E | |
CVE-2019-3915 | Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmwa... | | |
CVE-2019-3916 | Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.... | | |
CVE-2019-3917 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthen... | E | |
CVE-2019-3918 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard co... | E | |
CVE-2019-3919 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command ... | E | |
CVE-2019-3920 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenti... | E | |
CVE-2019-3921 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack ... | E | |
CVE-2019-3922 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack ... | E | |
CVE-2019-3923 | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper v... | | |
CVE-2019-3924 | MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary v... | E | |
CVE-2019-3925 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command inj... | E | |
CVE-2019-3926 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command inj... | E | |
CVE-2019-3927 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the adminis... | E | |
CVE-2019-3928 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the ... | | |
CVE-2019-3929 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P f... | KEV E | |
CVE-2019-3930 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P f... | E | |
CVE-2019-3931 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention... | E | |
CVE-2019-3932 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authenticat... | E | |
CVE-2019-3933 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the p... | E | |
CVE-2019-3934 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the p... | E | |
CVE-2019-3935 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a mod... | E | |
CVE-2019-3936 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of se... | | |
CVE-2019-3937 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, ... | E | |
CVE-2019-3938 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, ... | E | |
CVE-2019-3939 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin... | | |
CVE-2019-3940 | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unau... | | |
CVE-2019-3941 | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOC... | E | |
CVE-2019-3942 | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote... | | |
CVE-2019-3943 | MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44be... | E | |
CVE-2019-3944 | Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated att... | | |
CVE-2019-3945 | Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" be... | | |
CVE-2019-3946 | Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message ... | E | |
CVE-2019-3947 | Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An... | E | |
CVE-2019-3948 | The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4... | E | |
CVE-2019-3949 | Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration th... | | |
CVE-2019-3950 | Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combina... | | |
CVE-2019-3951 | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code o... | E | |
CVE-2019-3953 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated atta... | E | |
CVE-2019-3954 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated atta... | E | |
CVE-2019-3955 | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap over... | E | |
CVE-2019-3956 | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer o... | E | |
CVE-2019-3957 | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer o... | E | |
CVE-2019-3958 | Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to cond... | E S | |
CVE-2019-3959 | Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive applica... | E S | |
CVE-2019-3960 | Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated a... | E S | |
CVE-2019-3961 | Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to imprope... | | |
CVE-2019-3962 | Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local a... | | |
CVE-2019-3963 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_i... | E | |
CVE-2019-3964 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id pa... | E | |
CVE-2019-3965 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_... | E | |
CVE-2019-3966 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_i... | E | |
CVE-2019-3967 | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal fla... | E | |
CVE-2019-3968 | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host s... | E | |
CVE-2019-3969 | Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdA... | E | |
CVE-2019-3970 | Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe ... | E | |
CVE-2019-3971 | Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting Cm... | E | |
CVE-2019-3972 | Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAge... | E | |
CVE-2019-3973 | Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGua... | E | |
CVE-2019-3974 | Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system fi... | | |
CVE-2019-3975 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated atta... | E | |
CVE-2019-3976 | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary director... | | |
CVE-2019-3977 | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade p... | | |
CVE-2019-3978 | RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers ... | | |
CVE-2019-3979 | RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data ... | | |
CVE-2019-3980 | The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which... | E | |
CVE-2019-3981 | MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can d... | E | |
CVE-2019-3982 | Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to imp... | | |
CVE-2019-3983 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code an... | E | |
CVE-2019-3984 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3985 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3986 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3987 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3988 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3989 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command... | E | |
CVE-2019-3990 | A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This en... | S | |
CVE-2019-3992 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauth... | E | |
CVE-2019-3993 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauth... | E | |
CVE-2019-3994 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after fre... | E | |
CVE-2019-3995 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer ... | E | |
CVE-2019-3996 | ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote at... | E S | |
CVE-2019-3997 | Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a... | E | |
CVE-2019-3998 | Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a loc... | E | |
CVE-2019-3999 | Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5... | E |