Total
33260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | |||||
| CVE-2019-15028 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
| CVE-2019-15009 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||||
| CVE-2019-14986 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. | |||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | |||||
| CVE-2019-14939 | 1 Mysql Project | 1 Mysql | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | |||||
| CVE-2019-14936 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | |||||
| CVE-2019-14920 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature. | |||||
| CVE-2019-14902 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | |||||
| CVE-2019-14888 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | |||||
| CVE-2019-14880 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | |||||
| CVE-2019-14820 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Fuse, Keycloak and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | |||||
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-14783 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||
| CVE-2019-14773 | 1 Webcraftic | 1 Woody Ad Snippets | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | |||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | |||||
| CVE-2019-14730 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. | |||||
| CVE-2019-14729 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.5 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. | |||||
| CVE-2019-14728 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | |||||
| CVE-2019-14727 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. | |||||