Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0521 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2024-08-05 | N/A |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | ||||
| CVE-2018-0376 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-08-05 | N/A |
| A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. | ||||
| CVE-2018-0374 | 1 Cisco | 1 Mobility Services Engine | 2024-08-05 | N/A |
| A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134. | ||||
| CVE-2018-0377 | 1 Cisco | 2 Mobility Services Engine, Policy Suite | 2024-08-05 | N/A |
| A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. | ||||
| CVE-2018-0127 | 1 Cisco | 4 Rv132w, Rv132w Firmware, Rv134w and 1 more | 2024-08-05 | 9.8 Critical |
| A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. | ||||
| CVE-2019-1010136 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-08-05 | N/A |
| ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticaed users. The attack vector is: Remote. | ||||
| CVE-2019-25020 | 1 Scytl | 1 Secure Vote | 2024-08-05 | 7.5 High |
| An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | ||||
| CVE-2019-20529 | 1 Frappe | 1 Frappe | 2024-08-05 | 7.5 High |
| In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | ||||
| CVE-2019-20624 | 1 Google | 1 Android | 2024-08-05 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). | ||||
| CVE-2019-20595 | 1 Google | 1 Android | 2024-08-05 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019). | ||||
| CVE-2019-20598 | 1 Google | 1 Android | 2024-08-05 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). | ||||
| CVE-2019-20559 | 1 Google | 1 Android | 2024-08-05 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). | ||||
| CVE-2019-20579 | 1 Google | 1 Android | 2024-08-05 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). | ||||
| CVE-2019-20550 | 1 Google | 1 Android | 2024-08-05 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019). | ||||
| CVE-2019-20532 | 1 Google | 1 Android | 2024-08-05 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019). | ||||
| CVE-2019-20143 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. | ||||
| CVE-2019-19800 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-05 | 5.3 Medium |
| Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | ||||
| CVE-2019-19822 | 11 Ciktel, Coship, Fg-products and 8 more | 36 Mesh Router, Mesh Router Firmware, Emta Ap and 33 more | 2024-08-05 | 7.5 High |
| A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | ||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-05 | 5.3 Medium |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | ||||
| CVE-2019-19224 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-08-05 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | ||||