Export limit exceeded: 10689 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10689 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9629 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | ||||
| CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | ||||
| CVE-2019-9531 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 9.8 Critical |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. | ||||
| CVE-2019-9530 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 5.5 Medium |
| The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. | ||||
| CVE-2019-9529 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 5.5 Medium |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. | ||||
| CVE-2019-9510 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 5.3 Medium |
| A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later. | ||||
| CVE-2019-9499 | 6 Debian, Fedoraproject, Freebsd and 3 more | 9 Debian Linux, Fedora, Freebsd and 6 more | 2024-11-21 | 8.1 High |
| The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. | ||||
| CVE-2019-9498 | 6 Debian, Fedoraproject, Freebsd and 3 more | 9 Debian Linux, Fedora, Freebsd and 6 more | 2024-11-21 | 8.1 High |
| The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. | ||||
| CVE-2019-9497 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2024-11-21 | N/A |
| The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. | ||||
| CVE-2019-9496 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2024-11-21 | N/A |
| An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. | ||||
| CVE-2019-9124 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | ||||
| CVE-2019-8990 | 1 Tibco | 1 Activematrix Businessworks | 2024-11-21 | 8.1 High |
| The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2. | ||||
| CVE-2019-8978 | 1 Ellucian | 2 Banner Enterprise Identity Services, Banner Web Tailor | 2024-11-21 | N/A |
| An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim. | ||||
| CVE-2019-8804 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.7 Medium |
| An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. | ||||
| CVE-2019-8760 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.8 Medium |
| This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | ||||
| CVE-2019-8704 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 5.5 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information. | ||||
| CVE-2019-8634 | 1 Apple | 1 Mac Os X | 2024-11-21 | 8.8 High |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account. | ||||
| CVE-2019-8533 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor. | ||||
| CVE-2019-8456 | 1 Checkpoint | 1 Ipsec Vpn | 2024-11-21 | 5.9 Medium |
| Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | ||||
| CVE-2019-8443 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 8.1 High |
| The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | ||||