Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10939 | 1 Siemens | 10 Tim 3v-ie, Tim 3v-ie Advanced, Tim 3v-ie Advanced Firmware and 7 more | 2020-10-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2020-12818 | 1 Fortinet | 36 Fortigate 1000d, Fortigate 100e, Fortigate 100f and 33 more | 2020-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | |||||
| CVE-2020-26541 | 1 Linux | 1 Linux Kernel | 2020-10-04 | 6.9 MEDIUM | 6.5 MEDIUM |
| The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||||
| CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2020-10-04 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | |||||
| CVE-2019-11279 | 1 Cloudfoundry | 1 Uaa Release | 2020-10-04 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | |||||
| CVE-2019-11254 | 1 Kubernetes | 1 Kubernetes | 2020-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | |||||
| CVE-2019-10988 | 1 Philips | 2 Hdi 4000, Hdi 4000 Firmware | 2020-10-02 | 3.6 LOW | 3.4 LOW |
| In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. | |||||
| CVE-2018-7520 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2020-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. | |||||
| CVE-2019-10962 | 1 Bd | 2 Alaris Gateway Workstation, Alaris Gateway Workstation Firmware | 2020-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. | |||||
| CVE-2019-10162 | 2 Opensuse, Powerdns | 2 Leap, Authoritative | 2020-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. | |||||
| CVE-2019-10417 | 1 Jenkins | 1 Kubernetes Pipeline | 2020-10-02 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2019-10928 | 1 Siemens | 2 Scalance Sc-600, Scalance Sc-600 Firmware | 2020-10-02 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device. | |||||
| CVE-2019-10375 | 1 Jenkins | 1 File System Scm | 2020-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. | |||||
| CVE-2019-10938 | 1 Siemens | 25 6md85, 6md86, 6md89 and 22 more | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-10436 | 1 Jenkins | 1 Google Oauth Credentials | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. | |||||
| CVE-2019-10189 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. | |||||
| CVE-2019-10970 | 1 Rockwellautomation | 2 Panelview 5510, Panelview 5510 Firmware | 2020-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | |||||
| CVE-2019-10968 | 1 Philips | 1 Zymed Holter 2010 | 2020-10-01 | 2.1 LOW | 4.4 MEDIUM |
| Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. | |||||
| CVE-2019-10418 | 1 Jenkins | 1 Kubernetes Pipeline | 2020-10-01 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2019-10380 | 1 Jenkins | 1 Simple Travis Pipeline Runner | 2020-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | |||||