Total
3866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11018 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | N/A |
| application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | ||||
| CVE-2019-11015 | 1 Miui | 1 Miui | 2024-11-21 | N/A |
| A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page. | ||||
| CVE-2019-10998 | 1 Phoenixcontact | 4 Axc F 2152, Axc F 2152 Firmware, Axc F 2152 Starterkit and 1 more | 2024-11-21 | N/A |
| An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. | ||||
| CVE-2019-10966 | 1 Ge | 8 Aespire 7100, Aespire 7100 Firmware, Aespire 7900 and 5 more | 2024-11-21 | 5.3 Medium |
| In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | ||||
| CVE-2019-10911 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2024-11-21 | 7.5 High |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | ||||
| CVE-2019-10884 | 1 Uniqkey | 1 Password Manager | 2024-11-21 | N/A |
| Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | ||||
| CVE-2019-10689 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2024-11-21 | N/A |
| VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. | ||||
| CVE-2019-10661 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2024-11-21 | 9.8 Critical |
| On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | ||||
| CVE-2019-10643 | 1 Contao | 1 Contao Cms | 2024-11-21 | N/A |
| Contao 4.7 allows Use of a Key Past its Expiration Date. | ||||
| CVE-2019-10562 | 1 Qualcomm | 56 Ipq6018, Ipq6018 Firmware, Kamorta and 53 more | 2024-11-21 | 7.8 High |
| u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||
| CVE-2019-10273 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account. | ||||
| CVE-2019-10201 | 1 Redhat | 4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 8.1 High |
| It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information. | ||||
| CVE-2019-10198 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman-tasks | 2024-11-21 | 6.5 Medium |
| An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task. | ||||
| CVE-2019-10157 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Single Sign-on | 2024-11-21 | N/A |
| It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. | ||||
| CVE-2019-10150 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. | ||||
| CVE-2019-1020018 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.3 High |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | ||||
| CVE-2019-1003049 | 3 Jenkins, Oracle, Redhat | 4 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift and 1 more | 2024-11-21 | 8.1 High |
| Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | ||||
| CVE-2019-0622 | 1 Microsoft | 1 Skype | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | ||||
| CVE-2019-0282 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A |
| Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. | ||||
| CVE-2018-9249 | 1 Fiberhome | 2 Vdsl2 Modem Hg 150-ub, Vdsl2 Modem Hg 150-ub Firmware | 2024-11-21 | N/A |
| FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. | ||||