Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20032 | 1 Sonicwall | 1 Analytics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.
|
|||||
| CVE-2021-0222 | 1 Juniper | 12 Ex2300, Ex3400, Ex4300 and 9 more | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
|
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impa ...
Show More |
|||||
| CVE-2020-8353 | 1 Lenovo | 28 Thinkcentre M80s, Thinkcentre M80s Firmware, Thinkcentre M80t and 25 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
|
|||||
| CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
|
|||||
| CVE-2020-3484 | 1 Cisco | 1 Vision Dynamic Signage Director | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the ...
Show More |
|||||
| CVE-2020-2041 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.
|
|||||
| CVE-2020-1769 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
|
|||||
| CVE-2019-3949 | 1 Arlo | 10 Vmb3010, Vmb3010 Firmware, Vmb3500 and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.
|
|||||
| CVE-2019-3939 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
|
|||||
| CVE-2019-1868 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information.
|
|||||
| CVE-2019-1829 | 1 Cisco | 14 Aironet 1542d, Aironet 1542i, Aironet 1562d and 11 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI com ...
Show More |
|||||
| CVE-2019-1742 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.
|
|||||
| CVE-2019-1585 | 1 Cisco | 20 Application Policy Infrastructure Controller Software, Nexus 92160yc-x, Nexus 92304qc and 17 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrativ ...
Show More |
|||||
| CVE-2019-19097 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
|
|||||
| CVE-2019-19092 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.
|
|||||
| CVE-2019-19091 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
|
|||||
| CVE-2019-19090 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
|
|||||
| CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.
|
|||||
| CVE-2019-19003 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.
|
|||||
| CVE-2019-19002 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
|
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
|
|||||
| CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
|
|||||
| CVE-2019-19000 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
|
|||||
| CVE-2019-18579 | 1 Dell | 2 Xps 7390, Xps 7390 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.
|
|||||
| CVE-2019-16760 | 1 Rust-lang | 1 Rust | 2024-11-21 | 5.0 MEDIUM | 4.6 MEDIUM |
|
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust ...
Show More |
|||||
| CVE-2019-15993 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes conf ...
Show More |
|||||
| CVE-2018-15448 | 1 Cisco | 1 Registered Envelope Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to d ...
Show More |
|||||
| CVE-2018-15386 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.
|
|||||
| CVE-2018-0275 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. ...
Show More |
|||||
| CVE-2018-0263 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
|
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected ...
Show More |
|||||
| CVE-2018-0262 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well ...
Show More |
|||||
| CVE-2017-3210 | 4 Fujitsu, Hp, Philips and 1 more | 6 Displayview Click, Displayview Click Suite, Display Assistant and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM pr ...
Show More |
|||||
| CVE-2016-10446 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9650 and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ.
|
|||||
| CVE-2015-9197 | 1 Qualcomm | 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, when enabling XPUs for SMEM partitions, if configuration values are out of range, memory access outside the SMEM may occur and set incorrect XPU configurations.
|
|||||
| CVE-2024-47294 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 7.5 HIGH |
|
Access permission verification vulnerability in the input method framework module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-47291 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | N/A | 5.5 MEDIUM |
|
Permission vulnerability in the ActivityManagerService (AMS) module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||