Total
34175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5238 | 1 Huawei | 2 Pcmanager\(china\), Pcmanager\(oversea\) | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | |||||
| CVE-2019-5237 | 1 Huawei | 2 Pcmanager\(china\), Pcmanager\(oversea\) | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | |||||
| CVE-2019-5215 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109) | |||||
| CVE-2019-5211 | 1 Huawei | 2 P20, P20 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted. | |||||
| CVE-2019-5162 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2019-5160 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. | |||||
| CVE-2019-5136 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2019-5134 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. | |||||
| CVE-2019-5024 | 1 Capsuletech | 2 Smartlinx Neuron 2, Smartlinx Neuron 2 Firmware | 2024-11-21 | 7.2 HIGH | 7.6 HIGH |
| A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. | |||||
| CVE-2019-5015 | 1 Pixar | 1 Renderman | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. | |||||
| CVE-2019-4762 | 1 Ibm | 1 Mq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625. | |||||
| CVE-2019-4735 | 2 Apple, Ibm | 2 Iphone Os, Maas360 | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705. | |||||
| CVE-2019-4719 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. | |||||
| CVE-2019-4713 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. | |||||
| CVE-2019-4705 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. | |||||
| CVE-2019-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. | |||||
| CVE-2019-4701 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. | |||||
| CVE-2019-4692 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | |||||
| CVE-2019-4679 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. | |||||
| CVE-2019-4672 | 1 Ibm | 1 Qradar Advisor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438. | |||||