Total: 3304 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-19937 | 1 Jfrog | 1 Artifactory | 2024-08-05 | 7.2 High |
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | ||||
CVE-2019-19885 | 1 Bender | 12 Com465dp, Com465dp Firmware, Com465id and 9 more | 2024-08-05 | 9.1 Critical |
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. | ||||
CVE-2019-19899 | 1 Pebbletemplates | 1 Pebble Templates | 2024-08-05 | 9.8 Critical |
Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature. | ||||
CVE-2019-19802 | 1 Gallagher | 1 Command Centre | 2024-08-05 | 6.5 Medium |
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | ||||
CVE-2019-19604 | 4 Debian, Fedoraproject, Git-scm and 1 more | 4 Debian Linux, Fedora, Git and 1 more | 2024-08-05 | 7.8 High |
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | ||||
CVE-2019-19252 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 7.8 High |
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | ||||
CVE-2019-18790 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-08-05 | 6.5 Medium |
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. | ||||
CVE-2019-18674 | 1 Joomla | 1 Joomla! | 2024-08-05 | 5.3 Medium |
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. | ||||
CVE-2019-18610 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-08-05 | 8.8 High |
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. | ||||
CVE-2019-18383 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2024-08-05 | 7.5 High |
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission. | ||||
CVE-2019-17055 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-08-05 | 3.3 Low |
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | ||||
CVE-2019-16907 | 1 Infosysta | 1 In-app & Desktop Notifications | 2024-08-05 | 5.3 Medium |
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | ||||
CVE-2019-16906 | 1 Infosysta | 1 In-app & Desktop Notifications | 2024-08-05 | 7.5 High |
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | ||||
CVE-2019-16909 | 1 Infosysta | 1 In-app & Desktop Notifications | 2024-08-05 | 4.3 Medium |
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | ||||
CVE-2019-16738 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-08-05 | 5.3 Medium |
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | ||||
CVE-2019-16698 | 1 Dkd | 1 Direct Mail | 2024-08-05 | 4.3 Medium |
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter. | ||||
CVE-2019-16566 | 1 Jenkins | 1 Team Concert | 2024-08-05 | 6.5 Medium |
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2019-16567 | 1 Jenkins | 1 Team Concert | 2024-08-05 | 4.3 Medium |
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
CVE-2019-16576 | 1 Jenkins | 1 Alauda Kubernetes Support | 2024-08-05 | 6.5 Medium |
A missing permission check in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | ||||
CVE-2019-16571 | 1 Jenkins | 1 Rapiddeploy | 2024-08-05 | 4.3 Medium |
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. |