Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13523 | 1 Honeywell | 118 H2w2pc1m, H2w2pc1m Firmware, H2w2per3 and 115 more | 2024-08-04 | 5.3 Medium |
| In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. | ||||
| CVE-2019-13547 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-04 | 9.8 Critical |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | ||||
| CVE-2019-13525 | 1 Honeywell | 2 Ip-ak2, Ip-ak2 Firmware | 2024-08-04 | 5.3 Medium |
| In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. | ||||
| CVE-2019-13344 | 1 Crudlab | 1 Wp Like Button | 2024-08-04 | N/A |
| An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. | ||||
| CVE-2019-13338 | 1 Weseek | 1 Growi | 2024-08-04 | N/A |
| In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field. | ||||
| CVE-2019-13194 | 1 Brother | 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more | 2024-08-04 | 7.5 High |
| Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. | ||||
| CVE-2019-13205 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-08-04 | 7.5 High |
| All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. | ||||
| CVE-2019-13131 | 1 Supermicro | 1 Superdoctor 5 | 2024-08-04 | N/A |
| Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. | ||||
| CVE-2019-13101 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | ||||
| CVE-2019-12919 | 1 Cylan | 4 Clever Dog Smart Camera Panorama Dog-2w, Clever Dog Smart Camera Panorama Dog-2w Firmware, Clever Dog Smart Camera Plus Dog-2w-v4 and 1 more | 2024-08-04 | N/A |
| On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device. | ||||
| CVE-2019-12890 | 1 Redwoodhq | 1 Redwoodhq | 2024-08-04 | N/A |
| RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | ||||
| CVE-2019-12505 | 1 Inateck | 2 Wp1001, Wp1001 Firmware | 2024-08-04 | N/A |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
| CVE-2019-12524 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-08-04 | 9.8 Critical |
| An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. | ||||
| CVE-2019-12500 | 1 Mi | 2 M365, M365 Firmware | 2024-08-04 | N/A |
| The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. | ||||
| CVE-2019-12503 | 1 Inateck | 2 Bcst-60, Bcst-60 Firmware | 2024-08-04 | 9.8 Critical |
| Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
| CVE-2019-12506 | 1 Logitech | 2 R700 Laser Presentation Remote, R700 Laser Presentation Remote Firmware | 2024-08-04 | N/A |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
| CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-04 | N/A |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | ||||
| CVE-2019-12409 | 2 Apache, Linux | 2 Solr, Linux Kernel | 2024-08-04 | 9.8 Critical |
| The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. | ||||
| CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2024-08-04 | 9.8 Critical |
| Anviz access control devices allow remote attackers to issue commands without a password. | ||||
| CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2024-08-04 | 7.5 High |
| Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||