Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |||||
| CVE-2017-9602 | 1 Kbvault Mysql Project | 1 Kbvault Mysql | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. | |||||
| CVE-2019-19727 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2020-01-23 | 2.1 LOW | 5.5 MEDIUM |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | |||||
| CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2020-01-10 | 6.5 MEDIUM | N/A |
| The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | |||||
| CVE-2019-19736 | 1 Mfscripts | 1 Yetishare | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | |||||
| CVE-2019-19315 | 1 Nalpeiron | 1 Licensing Service | 2019-12-31 | 6.9 MEDIUM | 7.1 HIGH |
| NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. | |||||
| CVE-2018-11116 | 1 Openwrt | 1 Openwrt | 2019-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately. | |||||
| CVE-2019-6465 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2019-12-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. | |||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
| OpenStack nova base images permissions are world readable | |||||
| CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
| Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | |||||
| CVE-2019-9464 | 1 Google | 1 Android | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | |||||
| CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2019-12-04 | 7.2 HIGH | 7.8 HIGH |
| IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | |||||
| CVE-2019-13679 | 1 Google | 1 Chrome | 2019-12-03 | 4.3 MEDIUM | 3.3 LOW |
| Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | |||||
| CVE-2019-13681 | 1 Google | 1 Chrome | 2019-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-18463 | 1 Gitlab | 1 Gitlab | 2019-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | |||||
| CVE-2019-18459 | 1 Gitlab | 1 Gitlab | 2019-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). | |||||
| CVE-2019-13665 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2019-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2019-13676 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||