Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25210 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | |||||
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as an access token. | |||||
| CVE-2020-25610 | 1 Mitel | 1 Micollab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. | |||||
| CVE-2020-25612 | 1 Mitel | 1 Micollab | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. | |||||
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in Hackolade versions prior to 4.2.0 on Windows could, in specific deployment scenarios, allow local users to gain elevated privileges during an uninstall of the application. | |||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | |||||
| CVE-2020-25838 | 1 Microfocus | 1 Filr | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | |||||
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | |||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | |||||
| CVE-2019-16314 | 1 Indexhibit | 1 Indexhibit | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | |||||
| CVE-2019-11168 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | |||||
| CVE-2019-11157 | 1 Intel | 528 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 525 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. | |||||
| CVE-2019-11156 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 (rev D) and 11 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | |||||
| CVE-2019-16722 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | |||||
| CVE-2019-16656 | 1 Joyplus Project | 1 Joyplus | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | |||||
| CVE-2019-15312 | 1 Linkplay | 1 Linkplay | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet. | |||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | |||||
| CVE-2019-14939 | 1 Mysql Project | 1 Mysql | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | |||||
| CVE-2019-14936 | 1 Easyappointments | 1 Easy!appointments | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | |||||
