| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. |
| Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. |
| Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI. |
| In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. |
| Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access. |
| Improper access control in PCIe function for the IntelĀ® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. |
| Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. |
| Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
| Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. |
| Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. |
| AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. |
| An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129 |
