Total
29474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18869 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 9.8 Critical |
| Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | ||||
| CVE-2019-18825 | 1 Barco | 4 Clickshare Cs-100 Huddle, Clickshare Cs-100 Huddle Firmware, Clickshare Cse-200 and 1 more | 2024-11-21 | 7.5 High |
| Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. | ||||
| CVE-2019-18782 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.3 Medium |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | ||||
| CVE-2019-18579 | 1 Dell | 2 Xps 7390, Xps 7390 Firmware | 2024-11-21 | 6.8 Medium |
| Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot. | ||||
| CVE-2019-18342 | 1 Siemens | 1 Control Center Server | 2024-11-21 | 9.9 Critical |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server. | ||||
| CVE-2019-18309 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-18308 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-18275 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 6.5 Medium |
| OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes. | ||||
| CVE-2019-18269 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2024-11-21 | 9.8 Critical |
| Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | ||||
| CVE-2019-17549 | 1 Eset | 1 Cyber Security | 2024-11-21 | 6.5 Medium |
| ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. | ||||
| CVE-2019-17440 | 1 Paloaltonetworks | 3 Pa-7050, Pa-7080, Pan-os | 2024-11-21 | 10 Critical |
| Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted. | ||||
| CVE-2019-17137 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2024-11-21 | 9.4 Critical |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. | ||||
| CVE-2019-16791 | 1 Postfix-mta-sts-resolver Project | 1 Postfix-mta-sts-resolver | 2024-11-21 | 6.9 Medium |
| In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. | ||||
| CVE-2019-16515 | 1 Connectwise | 1 Control | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. | ||||
| CVE-2019-16374 | 1 Pega | 1 Platform | 2024-11-21 | 9.8 Critical |
| Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. | ||||
| CVE-2019-16212 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 8.8 High |
| A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. | ||||
| CVE-2019-15999 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 6.3 Medium |
| A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts. | ||||
| CVE-2019-15990 | 1 Cisco | 8 Rv016 Multi-wan Vpn, Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn and 5 more | 2024-11-21 | 5.3 Medium |
| A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication. | ||||
| CVE-2019-15956 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations. | ||||
| CVE-2019-15620 | 1 Nextcloud | 1 Talk | 2024-11-21 | 2.7 Low |
| Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. | ||||