Search Results (9492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9713 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. | ||||
| CVE-2019-9574 | 1 Mishubd | 1 Wp Human Resource Management | 2024-11-21 | N/A |
| The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | ||||
| CVE-2019-9482 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). | ||||
| CVE-2019-9380 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123700098 | ||||
| CVE-2019-9377 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to a local information disclosure of metadata about the biometrics of another user on the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-128599663 | ||||
| CVE-2019-9364 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73364631 | ||||
| CVE-2019-9351 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-128599864 | ||||
| CVE-2019-9323 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-30770233 | ||||
| CVE-2019-9295 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-36885811 | ||||
| CVE-2019-9272 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In WiFi, there is a possible leak of WiFi state due to a permissions bypass. This could lead to a local information disclosure which could be used to determine device location with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-11596047 | ||||
| CVE-2019-9263 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73136824 | ||||
| CVE-2019-9224 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). | ||||
| CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | ||||
| CVE-2019-9149 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 6.5 Medium |
| Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope. | ||||
| CVE-2019-9002 | 2 Pixeline, Tiny Issue Project | 2 Bugs, Tiny Issue | 2024-11-21 | N/A |
| An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. | ||||
| CVE-2019-8512 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.7 Medium |
| This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure. | ||||
| CVE-2019-8446 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.3 Medium |
| The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2019-8445 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.3 Medium |
| Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | ||||
| CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2024-11-21 | N/A |
| An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | ||||
| CVE-2019-7304 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 9.8 Critical |
| Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. | ||||