Total
1281 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10040 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-04 | N/A |
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | ||||
CVE-2019-10039 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-04 | N/A |
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. | ||||
CVE-2019-9935 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2024-08-04 | N/A |
Various Lexmark products have Incorrect Access Control (issue 2 of 2). | ||||
CVE-2019-9934 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2024-08-04 | N/A |
Various Lexmark products have Incorrect Access Control (issue 1 of 2). | ||||
CVE-2019-9881 | 1 Wpengine | 1 Wpgraphql | 2024-08-04 | N/A |
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | ||||
CVE-2019-9879 | 1 Wpengine | 1 Wpgraphql | 2024-08-04 | N/A |
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | ||||
CVE-2019-9871 | 1 Jector | 2 Fm-k75, Fm-k75 Firmware | 2024-08-04 | N/A |
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. | ||||
CVE-2019-9727 | 1 Eq-3 | 2 Ccu3, Ccu3 Firmware | 2024-08-04 | N/A |
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. | ||||
CVE-2019-9585 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-08-04 | N/A |
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set, and delete Metadata. | ||||
CVE-2019-9484 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2024-08-04 | N/A |
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | ||||
CVE-2019-9125 | 2 D-link, Dlink | 2 Dir-878 Firmware, Dir-878 | 2024-08-04 | N/A |
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | ||||
CVE-2019-9105 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2024-08-04 | N/A |
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. | ||||
CVE-2019-9082 | 3 Opensourcebms, Thinkphp, Zzzcms | 3 Open Source Background Management System, Thinkphp, Zzzphp | 2024-08-04 | 8.8 High |
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | ||||
CVE-2019-8985 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2880 and 1 more | 2024-08-04 | N/A |
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. | ||||
CVE-2019-8682 | 1 Apple | 2 Iphone Os, Watchos | 2024-08-04 | 2.4 Low |
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen. | ||||
CVE-2019-8522 | 1 Apple | 1 Mac Os X | 2024-08-04 | 5.5 Medium |
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | ||||
CVE-2019-8292 | 1 Online Store System Project | 1 Online Store System | 2024-08-04 | 5.3 Medium |
Online Store System v1.0 delete_product.php doesn't check whether a user is authenticated or has administrative rights, allowing arbitrary product deletion. | ||||
CVE-2019-7727 | 1 Nice | 1 Engage | 2024-08-04 | N/A |
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable. | ||||
CVE-2019-7642 | 1 Dlink | 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more | 2024-08-04 | 7.5 High |
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | ||||
CVE-2019-7564 | 1 Coship | 8 Rt3050, Rt3050 Firmware, Rt3052 and 5 more | 2024-08-04 | N/A |
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-Fi network. |