Total: 586 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-12875 | 1 Alpinelinux | 1 Abuild | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. |
CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). |
CVE-2019-13379 | 1 Avtech | 2 Room Alert 3e, Room Alert 3e Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH | On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. |
CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. |
CVE-2018-4048 | 1 Gog | 1 Galaxy | 2023-12-10 | 7.2 HIGH | 7.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. |
CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2023-12-10 | 2.1 LOW | 3.3 LOW | hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. |
CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. |
CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. |
CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. |
CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. |
CVE-2018-7846 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL | A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. |
CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. |
CVE-2017-12576 | 1 Planex | 2 Cs-qr20, Cs-qr20 Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. |
CVE-2019-8308 | 3 Debian, Flatpak, Redhat | 8 Debian Linux, Flatpak, Enterprise Linux Desktop and 5 more | 2023-12-10 | 4.4 MEDIUM | 8.2 HIGH | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. |
CVE-2018-15591 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. |
CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. |
CVE-2018-8040 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. |
CVE-2018-7072 | 1 Hp | 1 Moonshot Provisioning Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM | A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
CVE-2018-20237 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. |