Total: 2747 CVEs (20 shown below, most recently updated first)

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-10849 | Computrols | Computrols Building Automation Software | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | Computrols CBAS 18.0.0 allows source code disclosure through an unprotected Subversion (SVN) directory. |
| CVE-2019-16097 | Linuxfoundation | Harbor | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with the DB authentication backend and self-registration is enabled. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP. |
| CVE-2019-11610 | Doorgets | Doorgets Cms | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit it to obtain sensitive server information. |
| CVE-2018-9457 | Google | Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9. Android ID: A-72872376. |
| CVE-2019-2091 | Google | Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH | In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1. Android ID: A-128599660. |
| CVE-2019-11608 | Doorgets | Doorgets Cms | 2020-08-24 | 6.4 MEDIUM | 8.2 HIGH | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit it to obtain sensitive server information or render the server unserviceable. |
| CVE-2019-16906 | Infosysta | In-app & Desktop Notifications | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By requesting plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication or authorization. Those notifications are then no longer displayed to their intended user. |
| CVE-2019-9263 | Google | Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH | In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73136824. |
| CVE-2019-14793 | Metabox | Meta Box | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM | The Meta Box plugin before 4.16.3 for WordPress allows file deletion via AJAX, using the attachment_id parameter of wp-admin/admin-ajax.php?action=rwmb_delete_file. |
| CVE-2019-9224 | Gitlab | Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). |
| CVE-2019-1000017 | Chamilo | Chamilo Lms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM | Chamilo LMS 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component: for lack of access controls, an authenticated user can read every ticket on the platform. The attack appears to be exploitable via ticket_id=[ticket number]. The vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. |
| CVE-2019-6961 | Rdkcentral | Rdkb Ccsppandm | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM | Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged-in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superusers (in header.php) is done only for GET requests and not for direct AJAX calls. |
| CVE-2018-19754 | Oracle | Tarantella Enterprise | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH | Tarantella Enterprise before 3.11 allows bypassing access control. |
| CVE-2019-6790 | Gitlab | Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | An Incorrect Access Control issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. |
| CVE-2019-9974 | Dasannetworks | H660rm, H660rm Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router (denial of service). |
| CVE-2020-6298 | Sap | Generic Market Data | 2020-08-14 | 5.5 MEDIUM | 8.1 HIGH | SAP Banking Services (Generic Market Data), versions 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to a Missing Authorization Check. |
| CVE-2020-6273 | Sap | S/4 Hana Fiori Ui For General Ledger Accounting | 2020-08-13 | 4.0 MEDIUM | 4.3 MEDIUM | SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform the necessary authorization checks for an authenticated user working with the attachment service, allowing the attacker to delete attachments (Missing Authorization Check). |
| CVE-2020-6301 | Sap | Hcm Travel Management | 2020-08-13 | 5.5 MEDIUM | 8.1 HIGH | SAP ERP (HCM Travel Management), versions 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to a Missing Authorization Check. |
| CVE-2020-14520 | Inductiveautomation | Ignition Gateway | 2020-08-11 | 5.0 MEDIUM | 7.5 HIGH | Ignition 8 (all versions prior to 8.0.13) is vulnerable to an information leak that may allow an attacker to obtain sensitive information. |
| CVE-2020-5396 | Vmware | Gemfire, Tanzu Gemfire For Virtual Machines | 2020-08-04 | 6.5 MEDIUM | 8.8 HIGH | VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, expose a JMX service with an insecure default configuration. This allows a malicious user to create an MLet MBean, leading to remote code execution. |