| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. |
| eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. |
| eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system. |
| JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. |
| The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. |
| A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. |
| The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. |
| The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. |
| The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. |
| The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. |
| The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. |