Search Results (3292 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5514 | 1 Vmware | 1 Fusion | 2024-11-21 | N/A |
| VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user into executing JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. | ||||
| CVE-2019-5504 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 9.8 Critical |
| ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | ||||
| CVE-2019-5456 | 1 Ui | 1 Unifi Controller | 2024-11-21 | 8.1 High |
| SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | ||||
| CVE-2019-5451 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | ||||
| CVE-2019-5421 | 1 Plataformatec | 1 Devise | 2024-11-21 | 9.8 Critical |
| Plataformatec Devise version 4.5.0 and earlier, when using the lockable module, contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specifically in the `#increment_failed_attempts` method (file location: lib/devise/models/lockable.rb), such that multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appears to be exploitable via network connectivity (brute force attacks). This vulnerability appears to have been fixed in 4.6.0 and later. | ||||
| CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2024-11-21 | 4.6 Medium |
| Honor Play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | ||||
| CVE-2019-5263 | 1 Huawei | 2 Hisuite, Hwbackup | 2024-11-21 | 5.5 Medium |
| HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. | ||||
| CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2024-11-21 | N/A |
| There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | ||||
| CVE-2019-5164 | 2 Opensuse, Shadowsocks | 3 Backports Sle, Leap, Shadowsocks-libev | 2024-11-21 | 7.8 High |
| An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | ||||
| CVE-2019-5163 | 2 Opensuse, Shadowsocks | 3 Backports, Leap, Shadowsocks-libev | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | ||||
| CVE-2019-5152 | 1 Shadowsocks | 1 Shadowsocks-libev | 2024-11-21 | 7.4 High |
| An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. | ||||
| CVE-2019-5080 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 9.1 Critical |
| An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||
| CVE-2019-5078 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 9.1 Critical |
| An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2019-5077 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 9.1 Critical |
| An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2024-11-21 | 9.0 Critical |
| An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. | ||||
| CVE-2019-5014 | 1 Wincofireworks | 2 Fw-1007, Fw-1007 Firmware | 2024-11-21 | 6.5 Medium |
| An exploitable improper access control vulnerability exists in the Bluetooth Low Energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. | ||||
| CVE-2019-4551 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.3 Medium |
| IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. | ||||
| CVE-2019-4520 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 7.5 High |
| IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. | ||||
| CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-11-21 | 9.8 Critical |
| HCL AppScan Standard is vulnerable to excessive authorization attempts. | ||||
| CVE-2019-4337 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. | ||||