ReportizFlow
Filtered by vendor
Subscriptions
Total
1344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6808 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 9.8 Critical |
| A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. | ||||
| CVE-2019-6652 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 6.5 Medium |
| In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). | ||||
| CVE-2019-6543 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 9.8 Critical |
| AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. | ||||
| CVE-2019-6542 | 1 Enttec | 6 Datagate Mk2, Datagate Mk2 Firmware, Pixelator and 3 more | 2024-11-21 | 7.5 High |
| ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. | ||||
| CVE-2019-6538 | 1 Medtronic | 40 Amplia Crt-d, Amplia Crt-d Firmware, Carelink 2090 and 37 more | 2024-11-21 | 6.5 Medium |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | ||||
| CVE-2019-6533 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2024-11-21 | 9.1 Critical |
| Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | ||||
| CVE-2019-6451 | 1 Soyal | 4 Ar-727h, Ar-727h Firmware, Ar-829ev5 and 1 more | 2024-11-21 | 7.5 High |
| On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. | ||||
| CVE-2019-6447 | 1 Estrongs | 1 Es File Explorer File Manager | 2024-11-21 | 8.1 High |
| The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP. | ||||
| CVE-2019-5644 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 10 Critical |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | ||||
| CVE-2019-5643 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 5.3 Medium |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. | ||||
| CVE-2019-5620 | 2 Hitachienergy, Microsoft | 3 Microscada Pro Sys600, Windows 7, Windows Xp | 2024-11-21 | 9.8 Critical |
| ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. | ||||
| CVE-2019-5617 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 10 Critical |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | ||||
| CVE-2019-5591 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | ||||
| CVE-2019-5514 | 1 Vmware | 1 Fusion | 2024-11-21 | N/A |
| VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. | ||||
| CVE-2019-5504 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2024-11-21 | 9.8 Critical |
| ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | ||||
| CVE-2019-5451 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | ||||
| CVE-2019-5164 | 2 Opensuse, Shadowsocks | 3 Backports Sle, Leap, Shadowsocks-libev | 2024-11-21 | 7.8 High |
| An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | ||||
| CVE-2019-5163 | 2 Opensuse, Shadowsocks | 3 Backports, Leap, Shadowsocks-libev | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | ||||
| CVE-2019-5152 | 1 Shadowsocks | 1 Shadowsocks-libev | 2024-11-21 | 7.4 High |
| An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. | ||||
| CVE-2019-5080 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 9.1 Critical |
| An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||