Export limit exceeded: 10914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8704 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 5.5 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information. | ||||
| CVE-2019-8634 | 1 Apple | 1 Mac Os X | 2024-11-21 | 8.8 High |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account. | ||||
| CVE-2019-8533 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor. | ||||
| CVE-2019-8456 | 1 Checkpoint | 1 Ipsec Vpn | 2024-11-21 | 5.9 Medium |
| Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | ||||
| CVE-2019-8443 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 8.1 High |
| The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | ||||
| CVE-2019-8108 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 Medium |
| Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management. | ||||
| CVE-2019-7666 | 1 Primasystems | 1 Flexair | 2024-11-21 | 8.8 High |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password. | ||||
| CVE-2019-7611 | 2 Elastic, Redhat | 3 Elasticsearch, Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform | 2024-11-21 | 8.1 High |
| A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. | ||||
| CVE-2019-7579 | 1 Linksys | 2 Wrt1900acs, Wrt1900acs Firmware | 2024-11-21 | N/A |
| An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network. | ||||
| CVE-2019-7524 | 5 Canonical, Debian, Dovecot and 2 more | 5 Ubuntu Linux, Debian Linux, Dovecot and 2 more | 2024-11-21 | N/A |
| In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | ||||
| CVE-2019-7489 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | ||||
| CVE-2019-7479 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.2 High |
| A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
| CVE-2019-7476 | 1 Sonicwall | 1 Global Management System | 2024-11-21 | 8.1 High |
| A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | ||||
| CVE-2019-7475 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 9.8 Critical |
| A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
| CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | ||||
| CVE-2019-7282 | 3 Debian, Fedoraproject, Netkit | 3 Debian Linux, Fedora, Netkit | 2024-11-21 | 5.9 Medium |
| In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | ||||
| CVE-2019-7226 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-11-21 | 8.8 High |
| The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response. | ||||
| CVE-2019-7218 | 1 Citrix | 1 Sharefile | 2024-11-21 | N/A |
| Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA). | ||||
| CVE-2019-7163 | 1 Tcl | 2 Alcatel Linkzone, Alcatel Linkzone Firmware | 2024-11-21 | N/A |
| The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | ||||
| CVE-2019-6995 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. | ||||