Total
1780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1289 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-08-04 | 5.5 Medium |
| An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-1192 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-08-04 | 4.3 Medium |
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests. | ||||
| CVE-2019-0762 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-08-04 | N/A |
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-0761 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-08-04 | N/A |
| A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768. | ||||
| CVE-2019-0732 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | N/A |
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-0678 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2024-08-04 | N/A |
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-08-04 | 8.8 High |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | ||||
| CVE-2019-0552 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-08-04 | N/A |
| An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| CVE-2019-0383 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-08-04 | 8.8 High |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-08-04 | N/A |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | ||||
| CVE-2020-36710 | 1 Wpserveur | 1 Wps Hide Login | 2024-08-04 | 5.3 Medium |
| The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. | ||||
| CVE-2020-36622 | 1 Bienlein Project | 1 Bienlein | 2024-08-04 | 4.3 Medium |
| A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability. | ||||
| CVE-2020-36623 | 1 Pengu Project | 1 Pengu | 2024-08-04 | 4.3 Medium |
| A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475. | ||||
| CVE-2020-36610 | 1 Duxcms Project | 1 Duxcms | 2024-08-04 | 4.3 Medium |
| A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. | ||||
| CVE-2020-35948 | 1 Xcloner | 1 Xcloner | 2024-08-04 | 9.9 Critical |
| An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. | ||||
| CVE-2020-35682 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-08-04 | 8.8 High |
| Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | ||||
| CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-04 | 3.4 Low |
| A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem | ||||
| CVE-2020-29605 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-08-04 | 4.3 Medium |
| An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.) | ||||
| CVE-2020-29454 | 1 Umbraco | 1 Umbraco Cms | 2024-08-04 | 4.3 Medium |
| Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. | ||||
| CVE-2020-29374 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, 500f and 8 more | 2024-08-04 | 3.6 Low |
| An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | ||||