Total
2247 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15136 | 1 Eprosima | 1 Fast-rtps | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition. | |||||
CVE-2019-11700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. | |||||
CVE-2019-5463 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
CVE-2019-14786 | 1 Rankmath | 1 Seo | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | |||||
CVE-2019-10308 | 1 Jenkins | 1 Static Analysis Utilities | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | |||||
CVE-2019-12168 | 1 Four-faith | 2 F3x24, F3x24 Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. | |||||
CVE-2019-3399 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | |||||
CVE-2019-12469 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-8445 | 1 Atlassian | 1 Jira Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | |||||
CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | |||||
CVE-2019-10301 | 1 Jenkins | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-6580 | 1 Siemens | 5 Siveillance Video Management Software 2017 R2, Siveillance Video Management Software 2018 R1, Siveillance Video Management Software 2018 R2 and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | |||||
CVE-2019-3835 | 5 Artifex, Debian, Fedoraproject and 2 more | 11 Ghostscript, Debian Linux, Fedora and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | |||||
CVE-2019-1003093 | 1 Jenkins | 1 Nomad | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10147 | 1 Redhat | 1 Rkt | 2023-12-10 | 6.9 MEDIUM | 7.7 HIGH |
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | |||||
CVE-2019-10290 | 1 Jenkins | 1 Netsparker Cloud Scan | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2018-10093 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. | |||||
CVE-2019-2098 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599467. | |||||
CVE-2018-4059 | 1 Coturn Project | 1 Coturn | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server. |