Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1003077 | 1 Jenkins | 1 Audit To Database | 2024-08-05 | 6.5 Medium |
| A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003059 | 1 Jenkins | 1 Ftp Publisher | 2024-08-05 | 6.5 Medium |
| A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-1003036 | 1 Jenkins | 1 Azure Vm Agents | 2024-08-05 | 4.3 Medium |
| A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | ||||
| CVE-2019-1003025 | 1 Jenkins | 1 Cloud Foundry | 2024-08-05 | 8.8 High |
| A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-25141 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-05 | 9.8 Critical |
| The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts. | ||||
| CVE-2019-25143 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2024-08-05 | 5.4 Medium |
| The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings. | ||||
| CVE-2019-1000017 | 1 Chamilo | 1 Chamilo Lms | 2024-08-05 | N/A |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | ||||
| CVE-2019-25139 | 1 Wpshopmart | 1 Coming Soon Page \& Maintenance Mode | 2024-08-05 | 6.5 Medium |
| The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | ||||
| CVE-2019-25142 | 1 Extendthemes | 2 Materialis, Mesmerize | 2024-08-05 | 8.8 High |
| The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. | ||||
| CVE-2019-20887 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. | ||||
| CVE-2019-20885 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. | ||||
| CVE-2019-20801 | 1 Readdle | 1 Documents | 2024-08-05 | 5.3 Medium |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. | ||||
| CVE-2019-20676 | 1 Netgear | 44 Fs728tlp, Fs728tlp Firmware, Gs105e and 41 more | 2024-08-05 | 6.0 Medium |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. | ||||
| CVE-2019-20599 | 1 Google | 1 Android | 2024-08-05 | 7.5 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). | ||||
| CVE-2019-20609 | 1 Google | 1 Android | 2024-08-05 | 6.5 Medium |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | ||||
| CVE-2019-20614 | 1 Google | 1 Android | 2024-08-05 | 7.5 High |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | ||||
| CVE-2019-20555 | 1 Google | 1 Android | 2024-08-05 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). | ||||
| CVE-2019-19989 | 1 Seling | 1 Visual Access Manager | 2024-08-05 | 7.5 High |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization. | ||||
| CVE-2019-19985 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-08-05 | 5.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | ||||
| CVE-2019-19937 | 1 Jfrog | 1 Artifactory | 2024-08-05 | 7.2 High |
| In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | ||||