Total
3661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7476 | 1 Sonicwall | 1 Global Management System | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | |||||
| CVE-2019-7475 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
| CVE-2019-6810 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | |||||
| CVE-2019-6744 | 1 Samsung | 2 Galaxy S9, Knox | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381. | |||||
| CVE-2019-6566 | 1 Ge | 1 Ge Communicator | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | |||||
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2019-6544 | 1 Ge | 1 Ge Communicator | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | |||||
| CVE-2019-6517 | 1 Bd | 2 Facslyric, Facslyric Ivd | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions. | |||||
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | |||||
| CVE-2019-6144 | 1 Forcepoint | 1 One Endpoint | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | |||||
| CVE-2019-6140 | 1 Forcepoint | 1 Email Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | |||||
| CVE-2019-5644 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | |||||
| CVE-2019-5643 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. | |||||
| CVE-2019-5617 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | |||||
| CVE-2019-5487 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. | |||||
| CVE-2019-5474 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | |||||
| CVE-2019-5452 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | |||||
| CVE-2019-5162 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2019-5136 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||