Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17512 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2024-08-05 | 9.1 Critical |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | ||||
| CVE-2019-17506 | 1 Dlink | 4 Dir-817lw A1, Dir-817lw A1 Firmware, Dir-868l B1 and 1 more | 2024-08-05 | 9.8 Critical |
| There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. | ||||
| CVE-2019-17353 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-08-05 | 8.2 High |
| An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | ||||
| CVE-2019-17354 | 1 Zyxel | 2 Nbg-418n V2, Nbg-418n V2 Firmware | 2024-08-05 | 9.4 Critical |
| wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | ||||
| CVE-2019-17234 | 1 Getigniteup | 1 Igniteup | 2024-08-05 | 7.5 High |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | ||||
| CVE-2019-17235 | 1 Getigniteup | 1 Igniteup | 2024-08-05 | 5.3 Medium |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | ||||
| CVE-2019-17186 | 1 Fiberhome | 2 Hg2201t, Hg2201t Firmware | 2024-08-05 | 8.8 High |
| /var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution. | ||||
| CVE-2019-17219 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-08-05 | 8.8 High |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control. | ||||
| CVE-2019-17232 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-08-05 | 7.5 High |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | ||||
| CVE-2019-17146 | 1 Dlink | 4 Dcs-935l, Dcs-935l Firmware, Dcs-960l and 1 more | 2024-08-05 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. | ||||
| CVE-2019-16907 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2024-08-05 | 5.3 Medium |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | ||||
| CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2024-08-05 | 7.5 High |
| The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | ||||
| CVE-2019-16906 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2024-08-05 | 7.5 High |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | ||||
| CVE-2019-16879 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-08-05 | 9.8 Critical |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | ||||
| CVE-2019-16731 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-08-05 | 7.5 High |
| The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | ||||
| CVE-2019-16258 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2024-08-05 | 6.8 Medium |
| The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | ||||
| CVE-2019-16243 | 1 Alcatelmobile | 2 Cingular Flip 2, Cingular Flip 2 Firmware | 2024-08-05 | 6.1 Medium |
| On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. (This web API is normally used by the system application to trigger firmware updates via OmaService.js.) | ||||
| CVE-2019-16271 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-08-05 | 5.3 Medium |
| DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. | ||||
| CVE-2019-16199 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-08-05 | 9.8 Critical |
| eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. | ||||
| CVE-2019-15940 | 1 Govicture | 2 Pc530, Pc530 Firmware | 2024-08-05 | 9.8 Critical |
| Victure PC530 devices allow unauthenticated TELNET access as root. | ||||