Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
| CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | |||||
| CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | |||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.8 LOW |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | |||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 2.1 LOW | 3.3 LOW |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||
| CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2019-07-30 | 5.4 MEDIUM | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | |||||
| CVE-2016-1406 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. | |||||
| CVE-2018-13896 | 1 Qualcomm | 72 Mdm9206, Mdm9206 Firmware, Mdm9607 and 69 more | 2019-07-25 | 7.2 HIGH | 7.8 HIGH |
| XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-19588 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2019-07-18 | 9.0 HIGH | 7.2 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. | |||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2019-07-18 | 6.8 MEDIUM | 8.1 HIGH |
| Cloudera Manager through 5.15 has Incorrect Access Control. | |||||
| CVE-2018-14833 | 1 Intuit | 1 Lacerte | 2019-07-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Intuit Lacerte 2017 has Incorrect Access Control. | |||||
| CVE-2019-1010316 | 1 Pyxtrlock Project | 1 Pyxtrlock | 2019-07-14 | 4.6 MEDIUM | 7.8 HIGH |
| pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4. | |||||
| CVE-2018-17151 | 1 Intersystems | 1 Cache | 2019-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. | |||||
| CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 6.4 MEDIUM | 8.1 HIGH |
| GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | |||||
| CVE-2018-19496 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | |||||
| CVE-2018-19494 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | |||||
| CVE-2018-14859 | 1 Odoo | 1 Odoo | 2019-07-10 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. | |||||
| CVE-2016-2787 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet Enterprise | 2019-07-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | |||||