Total
1368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1010150 | 1 Zzcms | 1 Zzcms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. | |||||
| CVE-2019-1010152 | 1 Zzcms | 1 Zzcms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. | |||||
| CVE-2019-10648 | 1 Robocode Project | 1 Robocode | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | |||||
| CVE-2019-16909 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | |||||
| CVE-2019-15876 | 1 Freebsd | 1 Freebsd | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware. | |||||
| CVE-2019-15877 | 1 Freebsd | 1 Freebsd | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory. | |||||
| CVE-2019-16698 | 1 Dkd | 1 Direct Mail | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter. | |||||
| CVE-2019-19802 | 1 Gallagher | 1 Command Centre | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | |||||
| CVE-2019-19899 | 1 Pebbletemplates | 1 Pebble Templates | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature. | |||||
| CVE-2019-19937 | 1 Jfrog | 1 Artifactory | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | |||||
| CVE-2019-20555 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). | |||||
| CVE-2020-6168 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2021-07-21 | 6.5 MEDIUM | 7.6 HIGH |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). | |||||
| CVE-2019-20599 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). | |||||
| CVE-2019-20609 | 1 Google | 1 Android | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | |||||
| CVE-2019-20614 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | |||||
| CVE-2019-2137 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-132438333. | |||||
| CVE-2019-20801 | 1 Readdle | 1 Documents | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. | |||||
| CVE-2019-2229 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872 | |||||
| CVE-2019-20885 | 1 Mattermost | 1 Mattermost Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. | |||||
| CVE-2020-5022 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658. | |||||