Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17130 | 1 Vbulletin | 1 Vbulletin | 2024-08-05 | 6.5 Medium |
| vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | ||||
| CVE-2019-17112 | 1 Zohocorp | 1 Manageengine Datasecurity Plus | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). | ||||
| CVE-2019-13404 | 2 Microsoft, Python | 2 Windows, Python | 2024-08-05 | N/A |
| The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x | ||||
| CVE-2019-14273 | 1 Silverstripe | 1 Silverstripe | 2024-08-05 | 5.3 Medium |
| In SilverStripe assets 4.0, there is broken access control on files. | ||||
| CVE-2019-13941 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2024-08-05 | 7.5 High |
| A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. | ||||
| CVE-2019-13173 | 1 Fstream Project | 1 Fstream | 2024-08-04 | N/A |
| fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. | ||||
| CVE-2019-13140 | 1 Intenogroup | 2 Eg200, Eg200 Firmware | 2024-08-04 | 6.5 Medium |
| Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. | ||||
| CVE-2019-12450 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-08-04 | 9.8 Critical |
| file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | ||||
| CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2024-08-04 | N/A |
| Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | ||||
| CVE-2019-11702 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-08-04 | N/A |
| A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2. | ||||
| CVE-2019-10930 | 1 Siemens | 26 6md85, 6md86, 6md89 and 23 more | 2024-08-04 | N/A |
| A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. | ||||
| CVE-2019-3897 | 1 Redhat | 2 Certification, Enterprise Linux | 2024-08-04 | 5.3 Medium |
| It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue. | ||||
| CVE-2019-3811 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Sssd and 2 more | 2024-08-04 | 5.2 Medium |
| A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | ||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-08-04 | 8.2 High |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | ||||
| CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2024-08-04 | 7.5 High |
| HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | ||||
| CVE-2019-0381 | 1 Sap | 3 Dynamic Tier, Sap Iq, Sql Anywhere | 2024-08-04 | 5.5 Medium |
| A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | ||||
| CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2024-08-04 | 5.3 Medium |
| SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-08-04 | 7.5 High |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||||
| CVE-2020-29373 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 6.5 Medium |
| An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | ||||
| CVE-2020-27368 | 1 Totolink | 2 A702r, A702r Firmware | 2024-08-04 | 5.5 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | ||||