Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-07-29
Updated
2022-04-18
pyxtrlock 0.3 and earlier is affected by incorrect access control: it gives a false impression of having locked the screen when run in a non-X11 session. The fixed version is 0.4.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-07-11
Updated
2019-07-14
CVE-2019-13372
Public exploit
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Max CVSS
9.8
EPSS Score
97.07%
Published
2019-07-06
Updated
2023-02-28
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control; therefore, an unauthenticated user can execute commands on the system.
Max CVSS
10.0
EPSS Score
1.05%
Published
2019-07-04
Updated
2020-08-24
TronLink Wallet 2.2.0 stores the user's wallet keystore in plaintext in insecure storage. An attacker can read and reuse a valid user's keystore via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access.
Max CVSS
9.8
EPSS Score
1.12%
Published
2019-07-22
Updated
2020-08-24
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-07-03
Updated
2020-08-24
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through v2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user is recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completely deleting it.
Max CVSS
9.8
EPSS Score
0.34%
Published
2019-07-30
Updated
2022-04-13
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display may, upon successful exploitation, boot up the terminal and gain root-level access to the device's file system.
Max CVSS
10.0
EPSS Score
0.12%
Published
2019-07-11
Updated
2020-10-01
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected to a TCP/IP network via an added, unsecured terminal server, which could allow an attacker to remotely modify device configuration and silence alarms.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-07-10
Updated
2020-10-02
A flaw was found in Moodle before versions 3.7.1, 3.6.5, and 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Max CVSS
4.3
EPSS Score
0.09%
Published
2019-07-31
Updated
2020-10-01
A flaw was found in Moodle before versions 3.7.1, 3.6.5, and 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Max CVSS
4.3
EPSS Score
0.09%
Published
2019-07-31
Updated
2020-09-30
A flaw was found in Moodle before versions 3.7.1, 3.6.5, and 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries to which they did not have direct access.
Max CVSS
4.3
EPSS Score
0.09%
Published
2019-07-31
Updated
2020-10-01
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Max CVSS
8.8
EPSS Score
0.05%
Published
2019-07-30
Updated
2021-03-25
A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, all versions before 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-07-30
Updated
2020-09-30
A vulnerability was found in PostgreSQL versions 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, and 9.5.x before 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Max CVSS
4.3
EPSS Score
0.17%
Published
2019-07-30
Updated
2020-09-30
Any URL with download_attachment.php under the templates or home folders can allow arbitrary files to be downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
Max CVSS
9.1
EPSS Score
0.29%
Published
2019-07-11
Updated
2020-10-07
The eClass platform before ip.2.5.10.2.1 allows an attacker to use the GETS method to request the /admin page, bypassing password validation and accessing the management page.
Max CVSS
10.0
EPSS Score
0.70%
Published
2019-07-25
Updated
2020-10-16
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
Max CVSS
9.8
EPSS Score
0.31%
Published
2019-07-08
Updated
2020-08-24
An information disclosure vulnerability in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version 6.5.0 SP1 and earlier, leading to a potential local escalation of privilege, could allow an attacker to gain unauthorized access to a chosen process address space.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-07-12
Updated
2021-07-21
In Prima Systems FlexAir versions 2.3.38 and prior, the application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to log in as admin without recovering the plaintext password.
Max CVSS
8.8
EPSS Score
2.42%
Published
2019-07-01
Updated
2022-10-25
iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-07-05
Updated
2019-07-10
A lock-protection bypass exists in the Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
Max CVSS
6.8
EPSS Score
0.10%
Published
2019-07-30
Updated
2022-12-06
A lock-protection bypass in the Nextcloud Android app prior to version 3.3.0 allowed access to files by switching to the Nextcloud file provider while being prompted for the lock protection.
Max CVSS
6.1
EPSS Score
0.10%
Published
2019-07-30
Updated
2020-12-18
A lock-protection bypass in the Nextcloud Android app prior to version 3.6.2 leaks thumbnails when the Android content provider is requested, even though the lock protection had not been passed.
Max CVSS
2.4
EPSS Score
0.07%
Published
2019-07-30
Updated
2021-11-03
A missing check in Nextcloud Server prior to version 15.0.1 leaks calendar event names when adding or modifying confidential or private events.
Max CVSS
4.3
EPSS Score
0.05%
Published
2019-07-30
Updated
2020-10-16
89 vulnerabilities found