Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11765 | 1 Mozilla | 1 Firefox | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. | |||||
| CVE-2019-11097 | 1 Intel | 1 Trusted Execution Engine Firmware | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-10679 | 1 Thomsonreuters | 1 Eikon | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions. | |||||
| CVE-2019-10474 | 1 Jenkins | 1 Global Post Script | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | |||||
| CVE-2019-10473 | 1 Jenkins | 1 Libvirt Slaves | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10472 | 1 Jenkins | 1 Libvirt Slaves | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10470 | 1 Jenkins | 1 Kubernetes Ci | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10469 | 1 Jenkins | 1 Kubernetes Ci | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10465 | 1 Jenkins | 1 Deploy Weblogic | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
| CVE-2019-10463 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-0683 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0134 | 1 Intel | 1 Dynamic Platform And Thermal Framework | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. | |||||
| CVE-2018-9467 | 1 Google | 1 Android | 2026-06-17 | N/A | 9.8 CRITICAL |
| In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9434 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9432 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2018-9431 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9401 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9369 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.3 HIGH |
| In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2018-9085 | 2 Ibm, Lenovo | 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more | 2026-06-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | |||||
| CVE-2018-7822 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. | |||||