Total
3869 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17134 | 3 Canonical, Opendev, Redhat | 3 Ubuntu Linux, Octavia, Openstack | 2024-11-21 | 9.1 Critical |
| Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. | ||||
| CVE-2019-17023 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 6.5 Medium |
| After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. | ||||
| CVE-2019-16929 | 1 Auth0 | 1 Auth0.net | 2024-11-21 | 7.5 High |
| Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | ||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2024-11-21 | 10.0 Critical |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | ||||
| CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16286 | 1 Hp | 1 Thinpro Linux | 2024-11-21 | 6.8 Medium |
| An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. | ||||
| CVE-2019-16250 | 1 Oceanwp | 1 Ocean Extra | 2024-11-21 | 7.5 High |
| includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | ||||
| CVE-2019-16201 | 3 Debian, Redhat, Ruby-lang | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 7.5 High |
| WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | ||||
| CVE-2019-16190 | 1 Dlink | 6 Dir-868l, Dir-868l Firmware, Dir-885l and 3 more | 2024-11-21 | 9.8 Critical |
| SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | ||||
| CVE-2019-15993 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2024-11-21 | 5.3 Medium |
| A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files. | ||||
| CVE-2019-15987 | 1 Cisco | 6 Webex Event Center, Webex Meeting Center, Webex Meetings Online and 3 more | 2024-11-21 | 5.3 Medium |
| A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user. | ||||
| CVE-2019-15897 | 1 Thinkparq | 1 Beegfs | 2024-11-21 | 9.6 Critical |
| beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks). | ||||
| CVE-2019-15803 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. | ||||
| CVE-2019-15796 | 3 Canonical, Debian, Ubuntu | 3 Ubuntu Linux, Python-apt, Python-apt | 2024-11-21 | 4.7 Medium |
| Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | ||||
| CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-11-21 | N/A |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | ||||
| CVE-2019-15620 | 1 Nextcloud | 1 Talk | 2024-11-21 | 2.7 Low |
| Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. | ||||
| CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.4 Medium |
| A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | ||||
| CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.1 Medium |
| A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | ||||
| CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.8 Critical |
| Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | ||||
| CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | ||||