Export limit exceeded: 34627 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34627 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20404 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | ||||
| CVE-2019-20403 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 5.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | ||||
| CVE-2019-20402 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.9 Medium |
| Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | ||||
| CVE-2019-20373 | 2 Debian, Ltsp | 2 Debian Linux, Ldm | 2024-11-21 | 7.8 High |
| LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | ||||
| CVE-2019-20150 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.5 Medium |
| In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host. | ||||
| CVE-2019-20148 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20147 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20145 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20144 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20142 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. | ||||
| CVE-2019-20097 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 8.8 High |
| Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content. | ||||
| CVE-2019-20032 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 6.5 Medium |
| An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. | ||||
| CVE-2019-20030 | 1 Nec | 2 Um8000, Um8000 Firmware | 2024-11-21 | 7.8 High |
| An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. | ||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 8.8 High |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | ||||
| CVE-2019-20028 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 7.5 High |
| Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | ||||
| CVE-2019-20026 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2024-11-21 | 7.5 High |
| The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | ||||
| CVE-2019-20001 | 1 Ricoh | 2 Streamline Nx Client Tool, Streamline Nx Pc Client | 2024-11-21 | 7.8 High |
| An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | ||||
| CVE-2019-1998 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338. | ||||
| CVE-2019-1995 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229. | ||||
| CVE-2019-1985 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0Android ID: A-118694079 | ||||