Total
5128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14786 | 1 Rankmath | 1 Seo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | |||||
| CVE-2019-14544 | 1 Gogs | 1 Gogs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | |||||
| CVE-2019-14475 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | |||||
| CVE-2019-14473 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. | |||||
| CVE-2019-14116 | 1 Qualcomm | 2 Ipq6018, Ipq6018 Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018 | |||||
| CVE-2019-13748 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13673 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-13450 | 2 Ringcentral, Zoom | 2 Ringcentral, Zoom | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file. | |||||
| CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | |||||
| CVE-2019-13047 | 1 Toaruos Project | 1 Toaruos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | |||||
| CVE-2019-13013 | 2 Apple, Obdev | 2 Macos, Little Snitch | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. | |||||
| CVE-2019-12944 | 1 Gluehome | 2 Glue Smart Lock, Glue Smart Lock Firmware | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. | |||||
| CVE-2019-12942 | 1 Ttlock | 1 Ttlock | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | |||||
| CVE-2019-12926 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access. | |||||
| CVE-2019-12875 | 1 Alpinelinux | 1 Abuild | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. | |||||
| CVE-2019-12734 | 1 Sitevision | 1 Sitevision | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SiteVision 4 has Incorrect Access Control. | |||||
| CVE-2019-12498 | 1 3cx | 1 Live Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | |||||
| CVE-2019-12470 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12469 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12274 | 1 Suse | 1 Rancher | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | |||||