ReportizFlow
Filtered by vendor
Subscriptions
Total
3888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3878 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 11 Ubuntu Linux, Fedora, Mod Auth Mellon and 8 more | 2024-11-21 | N/A |
| A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. | ||||
| CVE-2019-3825 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Gnome Display Manager, Enterprise Linux | 2024-11-21 | N/A |
| A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | ||||
| CVE-2019-3820 | 4 Canonical, Gnome, Opensuse and 1 more | 5 Ubuntu Linux, Gnome-shell, Leap and 2 more | 2024-11-21 | 4.3 Medium |
| It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. | ||||
| CVE-2019-3798 | 1 Cloudfoundry | 1 Capi-release | 2024-11-21 | N/A |
| Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim. | ||||
| CVE-2019-3775 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | N/A |
| Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. | ||||
| CVE-2019-3654 | 2 Mcafee, Microsoft | 2 Client Proxy, Windows | 2024-11-21 | 5.3 Medium |
| Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator. | ||||
| CVE-2019-3584 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | N/A |
| Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors. | ||||
| CVE-2019-2018 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241 | ||||
| CVE-2019-20933 | 2 Debian, Influxdata | 2 Debian Linux, Influxdb | 2024-11-21 | 9.8 Critical |
| InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | ||||
| CVE-2019-20879 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. | ||||
| CVE-2019-20875 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. | ||||
| CVE-2019-20833 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. | ||||
| CVE-2019-20786 | 1 Pion | 1 Dtls | 2024-11-21 | 9.8 Critical |
| handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion. | ||||
| CVE-2019-20620 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019). | ||||
| CVE-2019-20618 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019). | ||||
| CVE-2019-20565 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). | ||||
| CVE-2019-20533 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019). | ||||
| CVE-2019-20489 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie. | ||||
| CVE-2019-20481 | 1 Miele | 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware | 2024-11-21 | 9.8 Critical |
| In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | ||||
| CVE-2019-20464 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | ||||