Total
3603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11576 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password. | |||||
| CVE-2019-11488 | 1 Simplybook | 1 Simplybook | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history. | |||||
| CVE-2019-11234 | 4 Canonical, Fedoraproject, Freeradius and 1 more | 4 Ubuntu Linux, Fedora, Freeradius and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | |||||
| CVE-2019-11232 | 1 Eic | 1 Biyan | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. | |||||
| CVE-2019-11202 | 1 Suse | 1 Rancher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them. | |||||
| CVE-2019-11187 | 2 Debian, Gonicus | 2 Debian Linux, Gosa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | |||||
| CVE-2019-11170 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | |||||
| CVE-2019-11081 | 1 Dentsplysirona | 1 Sidexis | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | |||||
| CVE-2019-11064 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. | |||||
| CVE-2019-11018 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | |||||
| CVE-2019-11015 | 1 Miui | 1 Miui | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
| A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page. | |||||
| CVE-2019-10998 | 1 Phoenixcontact | 4 Axc F 2152, Axc F 2152 Firmware, Axc F 2152 Starterkit and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. | |||||
| CVE-2019-10966 | 1 Ge | 8 Aespire 7100, Aespire 7100 Firmware, Aespire 7900 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | |||||
| CVE-2019-10911 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | |||||
| CVE-2019-10884 | 1 Uniqkey | 1 Password Manager | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | |||||
| CVE-2019-10689 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. | |||||
| CVE-2019-10661 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | |||||
| CVE-2019-10643 | 1 Contao | 1 Contao Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 4.7 allows Use of a Key Past its Expiration Date. | |||||
| CVE-2019-10562 | 1 Qualcomm | 56 Ipq6018, Ipq6018 Firmware, Kamorta and 53 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10273 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account. | |||||