Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-1000400 | 1 Jenkins | 1 Jenkins | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to. |
CVE-2019-16906 | 1 Infosysta | 1 In-app & Desktop Notifications | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. |
CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. |
CVE-2019-2098 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH | In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599467. |
CVE-2018-17490 | 1 Hidglobal | 1 Easylobby Solo | 2020-08-24 | 3.6 LOW | 7.1 HIGH | EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. |
CVE-2019-9974 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. |
CVE-2019-0325 | 1 Sap | 1 Erp Hcm | 2020-08-24 | 4.9 MEDIUM | 4.2 MEDIUM | SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. As a result, under certain conditions, a user that once had authorization to the payroll data of an employee, which was later revoked, may retain access to the same data. |
CVE-2019-12734 | 1 Sitevision | 1 Sitevision | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH | SiteVision 4 has Incorrect Access Control. |
CVE-2017-1000243 | 1 Jenkins | 1 Favorite Plugin | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. |
CVE-2019-9224 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). |
CVE-2019-0573 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. |
CVE-2019-14475 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. |
CVE-2017-1000086 | 1 Jenkins | 1 Periodic Backup | 2020-08-24 | 6.0 MEDIUM | 8.0 HIGH | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin did not require requests to its API to be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. |
CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM | The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
CVE-2019-15932 | 1 Intesync | 1 Solismed | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL | Intesync Solismed 3.3sp has Incorrect Access Control. |
CVE-2018-19079 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2020-08-24 | 7.8 HIGH | 7.5 HIGH | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. |
CVE-2018-18004 | 1 Vivotek | 1 Camera | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. |
CVE-2018-9548 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM | In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. |
CVE-2019-1010304 | 1 Mirumee | 1 Saleor | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | Saleor is affected by Incorrect Access Control. The issue was introduced by merge commit e1b01bad0703afd08d297ed3f1f472248312cc9c, which was released as part of the 2.0.0 release. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: an unauthenticated user can access the GraphQL API (which is by default publicly exposed under the `/graphql/` URL) and fetch product data which may include the admin-restricted shop revenue data. The fixed version is: 2.3.1. |
CVE-2019-11611 | 1 Doorgets | 1 Doorgets Cms | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. |