Total
1474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2200 | 1 Google | 1 Android | 2026-06-17 | 6.9 MEDIUM | 7.3 HIGH |
| In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274 | |||||
| CVE-2019-2173 | 1 Google | 1 Android | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 | |||||
| CVE-2019-2114 | 1 Google | 1 Android | 2026-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348 | |||||
| CVE-2019-20889 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. | |||||
| CVE-2019-20882 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. | |||||
| CVE-2019-20536 | 1 Google | 1 Android | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | |||||
| CVE-2019-20468 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. | |||||
| CVE-2019-20458 | 2026-06-17 | N/A | 8.8 HIGH | ||
| An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials. | |||||
| CVE-2019-20457 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device. | |||||
| CVE-2019-20106 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | |||||
| CVE-2019-1982 | 1 Cisco | 3 Firepower Services Software For Asa, Firepower Threat Defense, Secure Firewall Management Center | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. | |||||
| CVE-2019-19896 | 1 Ixpdata | 1 Easyinstall | 2026-06-17 | 9.0 HIGH | 9.9 CRITICAL |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | |||||
| CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2026-06-17 | 7.2 HIGH | 6.7 MEDIUM |
| A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | |||||
| CVE-2019-19724 | 1 Sylabs | 1 Singularity | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. | |||||
| CVE-2019-19712 | 1 Contao | 1 Contao | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. | |||||
| CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2026-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2026-06-17 | 4.4 MEDIUM | 7.3 HIGH |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | |||||
| CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | |||||
| CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2026-06-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | |||||
| CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | |||||