Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0062 | 1 Sillycycle | 1 Xlockmore | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | |||||
| CVE-2019-18230 | 1 Honeywell | 96 H2w2gr1, H2w2gr1 Firmware, H3w2gr1 and 93 more | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. | |||||
| CVE-2019-18465 | 1 Ipswitch | 1 Moveit Transfer | 2019-11-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. | |||||
| CVE-2019-3978 | 1 Mikrotik | 1 Routeros | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning | |||||
| CVE-2019-13525 | 1 Honeywell | 2 Ip-ak2, Ip-ak2 Firmware | 2019-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. | |||||
| CVE-2019-15282 | 1 Cisco | 1 Identity Services Engine Software | 2019-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. | |||||
| CVE-2019-9529 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2019-10-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. | |||||
| CVE-2019-1876 | 1 Cisco | 1 Wide Area Application Services | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies. | |||||
| CVE-2019-1631 | 1 Cisco | 2 Integrated Management Controller, Unified Computing System | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow an attacker to view sensitive system data. | |||||
| CVE-2019-1629 | 1 Cisco | 2 Integrated Management Controller, Unified Computing System | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts. | |||||
| CVE-2018-7357 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2019-10-09 | 3.3 LOW | 8.8 HIGH |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | |||||
| CVE-2018-5393 | 1 Tp-link | 1 Eap Controller | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. | |||||
| CVE-2018-18995 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | |||||
| CVE-2018-14796 | 1 Tec4data | 2 Smartcooler, Smartcooler Firmware | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. | |||||
| CVE-2018-15466 | 1 Cisco | 1 Policy Suite For Mobile | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. | |||||
| CVE-2018-10635 | 1 Universal-robots | 2 Cb3.1, Cb3.1 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained. | |||||
| CVE-2018-0376 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. | |||||
| CVE-2018-0377 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. | |||||
| CVE-2018-0181 | 1 Cisco | 2 Cisco Policy Suite Diameter Routing Agent, Cisco Policy Suite For Mobile | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software. | |||||
| CVE-2018-0374 | 1 Cisco | 1 Mobility Services Engine | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134. | |||||