Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13677 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-18450 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. | |||||
| CVE-2019-18452 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. | |||||
| CVE-2019-18453 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. | |||||
| CVE-2019-18447 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. | |||||
| CVE-2019-18446 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.5 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). | |||||
| CVE-2019-15340 | 1 Mi | 2 Redmi 6, Redmi 6 Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15339 | 1 Lavamobiles | 2 Z60s, Z60s Firmware | 2019-11-25 | 2.1 LOW | 3.3 LOW |
| The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15338 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15337 | 1 Lavamobiles | 2 Z81, Z81 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15336 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15335 | 1 Lavamobiles | 2 Z92, Z92 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15334 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2019-15333 | 1 Lavamobiles | 2 Flair Z1, Flair Z1 Firmware | 2019-11-22 | 2.1 LOW | 3.3 LOW |
| The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | |||||
| CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 2.7 LOW |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | |||||
| CVE-2019-5642 | 1 Rapid7 | 1 Metasploit | 2019-11-13 | 2.1 LOW | 3.3 LOW |
| Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. | |||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2019-11-08 | 2.1 LOW | 3.3 LOW |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | |||||
| CVE-2010-0747 | 2 Debian, Linbit | 2 Debian Linux, Drbd8 | 2019-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | |||||
| CVE-2013-4367 | 2 Linux, Ovirt | 2 Linux Kernel, Ovirt-engine | 2019-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | |||||
| CVE-2010-0737 | 1 Redhat | 1 Jboss Operations Network | 2019-11-05 | 5.2 MEDIUM | 8.0 HIGH |
| A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | |||||