Total: 1229 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13122 | 1 Onefilecms | 1 Onefilecms | 2020-02-06 | 5.5 MEDIUM | 6.5 MEDIUM |
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. | |||||
CVE-2011-4912 | 1 Joomla | 1 Joomla! | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | |||||
CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||||
CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |||||
CVE-2017-9602 | 1 Kbvault Mysql Project | 1 Kbvault Mysql | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. | |||||
CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2020-01-23 | 2.1 LOW | 5.5 MEDIUM |
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | |||||
CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2020-01-10 | 6.5 MEDIUM | N/A |
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | |||||
CVE-2019-19315 | 1 Nalpeiron | 1 Licensing Service | 2019-12-31 | 6.9 MEDIUM | 7.1 HIGH |
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. | |||||
CVE-2019-6465 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2019-12-16 | 4.3 MEDIUM | 5.3 MEDIUM |
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. | |||||
CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
OpenStack nova base images permissions are world readable | |||||
CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | |||||
CVE-2019-9464 | 1 Google | 1 Android | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068 | |||||
CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2019-12-04 | 7.2 HIGH | 7.8 HIGH |
IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | |||||
CVE-2019-18463 | 1 Gitlab | 1 Gitlab | 2019-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | |||||
CVE-2019-18459 | 1 Gitlab | 1 Gitlab | 2019-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). | |||||
CVE-2019-18450 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. | |||||
CVE-2019-18452 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. | |||||
CVE-2019-18453 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. | |||||
CVE-2019-18447 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. | |||||
CVE-2019-18446 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.5 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). |