Total
5246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11702 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2. | ||||
| CVE-2019-11700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. | ||||
| CVE-2019-11611 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11610 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11609 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11606 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11248 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 8.2 High |
| The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. | ||||
| CVE-2019-10868 | 2 Debian, Tryton | 2 Debian Linux, Trytond | 2024-11-21 | 6.5 Medium |
| In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. | ||||
| CVE-2019-10849 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | ||||
| CVE-2019-10648 | 1 Robocode Project | 1 Robocode | 2024-11-21 | N/A |
| Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | ||||
| CVE-2019-10457 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2019-10455 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2019-10445 | 1 Jenkins | 1 Google Kubernetes Engine | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | ||||
| CVE-2019-10442 | 1 Jenkins | 1 Icescrum | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2019-10439 | 1 Jenkins | 1 Crx Content Package Deployer | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2019-10438 | 1 Jenkins | 1 Crx Content Package Deployer | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10409 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | ||||
| CVE-2019-10389 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | ||||