Total
32115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20534 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019). | |||||
| CVE-2019-20498 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | |||||
| CVE-2019-20496 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). | |||||
| CVE-2019-20495 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). | |||||
| CVE-2019-20492 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | |||||
| CVE-2019-20491 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). | |||||
| CVE-2019-20490 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | |||||
| CVE-2019-20478 | 1 Ruamel.yaml Project | 1 Ruamel.yaml | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. | |||||
| CVE-2019-20473 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device. | |||||
| CVE-2019-20467 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. | |||||
| CVE-2019-20465 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. | |||||
| CVE-2019-20463 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. | |||||
| CVE-2019-20418 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | |||||
| CVE-2019-20413 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | |||||
| CVE-2019-20410 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. | |||||
| CVE-2019-20404 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | |||||
| CVE-2019-20403 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | |||||
| CVE-2019-20402 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | |||||
| CVE-2019-20373 | 2 Debian, Ltsp | 2 Debian Linux, Ldm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | |||||
| CVE-2019-20150 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host. | |||||