| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15389 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service… | ||
| CVE-2019-15388 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an… | ||
| CVE-2019-15351 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported… | ||
| CVE-2019-15350 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported… | ||
| CVE-2019-15349 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15348 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15347 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15346 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an… | ||
| CVE-2019-15345 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2019-15344 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2019-15343 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an… | ||
| CVE-2019-15342 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains… | ||
| CVE-2019-15341 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains… | ||
| CVE-2019-14818 | Hig | 0.49 | 7.5 | 0.03 | Nov 14, 2019 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory… | ||
| CVE-2019-14602 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-14566 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | ||
| CVE-2019-14565 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | ||
| CVE-2019-11182 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2019-11181 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2019-11180 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2019-11178 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | ||
| CVE-2019-11177 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2019-11175 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2019-11173 | Hig | 0.46 | 7.1 | 0.00 | Nov 14, 2019 | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | ||
| CVE-2019-11170 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | ||
| CVE-2019-11156 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | ||
| CVE-2019-11155 | Hig | 0.46 | 7.1 | 0.00 | Nov 14, 2019 | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | ||
| CVE-2019-11154 | Hig | 0.46 | 7.1 | 0.00 | Nov 14, 2019 | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | ||
| CVE-2019-11153 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | ||
| CVE-2019-11152 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2019 | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | ||
| CVE-2019-11151 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | ||
| CVE-2019-11137 | Hig | 0.53 | 8.2 | 0.00 | Nov 14, 2019 | Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user… | ||
| CVE-2012-1170 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | ||
| CVE-2019-8240 | Hig | 0.49 | 7.5 | 0.03 | Nov 14, 2019 | Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2019-8239 | Hig | 0.49 | 7.5 | 0.03 | Nov 14, 2019 | Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2019-7962 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2019 | Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||
| CVE-2019-7960 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2019 | Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||
| CVE-2012-1168 | Hig | 0.53 | 8.2 | 0.02 | Nov 14, 2019 | Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | ||
| CVE-2012-1156 | Hig | 0.42 | 7.5 | 0.02 | Nov 14, 2019 | Moodle before 2.2.2 has users' private files included in course backups | ||
| CVE-2012-1155 | Hig | 0.49 | 7.5 | 0.02 | Nov 14, 2019 | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | ||
| CVE-2019-18647 | Hig | 0.47 | 7.2 | 0.02 | Nov 14, 2019 | The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | ||
| CVE-2019-18646 | Hig | 0.47 | 7.2 | 0.01 | Nov 14, 2019 | The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | ||
| CVE-2019-18895 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2019 | Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | ||
| CVE-2019-18949 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2019 | SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | ||
| CVE-2011-1588 | Hig | 0.44 | 7.8 | 0.01 | Nov 14, 2019 | Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | ||
| CVE-2011-1145 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | ||
| CVE-2011-1070 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2019 | v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | ||
| CVE-2019-3661 | Hig | 0.53 | 8.1 | 0.01 | Nov 14, 2019 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | ||
| CVE-2019-3660 | Hig | 0.55 | 8.4 | 0.01 | Nov 13, 2019 | Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | ||
| CVE-2019-3651 | Hig | 0.57 | 8.8 | 0.01 | Nov 13, 2019 | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. |
- risk 0.53cvss 8.1epss 0.01
The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service…
- risk 0.53cvss 8.1epss 0.01
The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.53cvss 8.1epss 0.01
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…
- risk 0.51cvss 7.8epss 0.00
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains…
- risk 0.49cvss 7.5epss 0.03
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory…
- risk 0.51cvss 7.8epss 0.00
Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
- risk 0.49cvss 7.5epss 0.01
Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- risk 0.51cvss 7.8epss 0.00
Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- risk 0.49cvss 7.5epss 0.01
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- risk 0.53cvss 8.1epss 0.01
Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.
- risk 0.49cvss 7.5epss 0.01
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- risk 0.49cvss 7.5epss 0.01
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- risk 0.46cvss 7.1epss 0.00
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.
- risk 0.51cvss 7.8epss 0.00
Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.
- risk 0.51cvss 7.8epss 0.00
Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access.
- risk 0.46cvss 7.1epss 0.00
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.
- risk 0.46cvss 7.1epss 0.00
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.
- risk 0.51cvss 7.8epss 0.00
Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access.
- risk 0.57cvss 8.8epss 0.01
Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access.
- risk 0.51cvss 7.8epss 0.00
Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access.
- risk 0.53cvss 8.2epss 0.00
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user…
- risk 0.49cvss 7.5epss 0.01
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
- risk 0.49cvss 7.5epss 0.03
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.03
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.51cvss 7.8epss 0.01
Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
- risk 0.51cvss 7.8epss 0.01
Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
- risk 0.53cvss 8.2epss 0.02
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
- risk 0.42cvss 7.5epss 0.02
Moodle before 2.2.2 has users' private files included in course backups
- risk 0.49cvss 7.5epss 0.02
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
- risk 0.47cvss 7.2epss 0.02
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
- risk 0.47cvss 7.2epss 0.01
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
- risk 0.51cvss 7.8epss 0.01
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
- risk 0.49cvss 7.5epss 0.01
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
- risk 0.44cvss 7.8epss 0.01
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
- risk 0.51cvss 7.8epss 0.00
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
- risk 0.51cvss 7.8epss 0.00
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
- risk 0.53cvss 8.1epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
- risk 0.55cvss 8.4epss 0.01
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
- risk 0.57cvss 8.8epss 0.01
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.