Total
1228 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13101 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | |||||
CVE-2019-12919 | 1 Cylan | 4 Clever Dog Smart Camera Panorama Dog-2w, Clever Dog Smart Camera Panorama Dog-2w Firmware, Clever Dog Smart Camera Plus Dog-2w-v4 and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device. | |||||
CVE-2019-12890 | 1 Redwoodhq | 1 Redwoodhq | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | |||||
CVE-2019-12634 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal. | |||||
CVE-2019-12524 | 3 Canonical, Debian, Squid-cache | 3 Ubuntu Linux, Debian Linux, Squid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. | |||||
CVE-2019-12506 | 1 Logitech | 2 R700 Laser Presentation Remote, R700 Laser Presentation Remote Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | |||||
CVE-2019-12505 | 1 Inateck | 2 Wp1001, Wp1001 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | |||||
CVE-2019-12503 | 1 Inateck | 2 Bcst-60, Bcst-60 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | |||||
CVE-2019-12500 | 1 Mi | 2 M365, M365 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. | |||||
CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | |||||
CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Anviz access control devices allow remote attackers to issue commands without a password. | |||||
CVE-2019-12390 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | |||||
CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | |||||
CVE-2019-12289 | 1 Vstracam | 4 C38s, C38s Firmware, C7824wip and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command. | |||||
CVE-2019-12288 | 2 Vstarcam, Vstracm | 4 C7824iwp, C7824iwp Firmware, C38s and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update. | |||||
CVE-2019-12174 | 1 Hide | 1 Hide.me | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context. | |||||
CVE-2019-12130 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2019-12129 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2019-12128 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. |