Export limit exceeded: 335275 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9496 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12470 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12469 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12419 | 3 Apache, Oracle, Redhat | 8 Cxf, Commerce Guided Search, Enterprise Manager Base Platform and 5 more | 2024-11-21 | 9.8 Critical |
| Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. | ||||
| CVE-2019-12274 | 1 Suse | 1 Rancher | 2024-11-21 | N/A |
| In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | ||||
| CVE-2019-12168 | 1 Four-faith | 2 F3x24, F3x24 Firmware | 2024-11-21 | N/A |
| Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. | ||||
| CVE-2019-11875 | 1 Blueprism | 1 Robotic Process Automation | 2024-11-21 | N/A |
| In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords. | ||||
| CVE-2019-11785 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.3 Medium |
| Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages. | ||||
| CVE-2019-11784 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to. | ||||
| CVE-2019-11783 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. | ||||
| CVE-2019-11761 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 5.4 Medium |
| By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | ||||
| CVE-2019-11724 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.1 Medium |
| Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11702 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2. | ||||
| CVE-2019-11700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. | ||||
| CVE-2019-11611 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11610 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11609 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11606 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11361 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | ||||