Total: 3595 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19006 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | |||||
CVE-2019-18906 | 2 Opensuse, Suse | 3 Cryptctl, Linux Enterprise Server, Manager Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. | |||||
CVE-2019-18848 | 2 Debian, Json-jwt Project | 2 Debian Linux, Json-jwt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | |||||
CVE-2019-18823 | 3 Debian, Fedoraproject, Wisc | 3 Debian Linux, Fedora, Htcondor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd (for example, to submit or remove jobs). | |||||
CVE-2019-18661 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. | |||||
CVE-2019-18380 | 1 Symantec | 1 Industrial Control System Protection | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | |||||
CVE-2019-18374 | 1 Broadcom | 1 Symantec Critical System Protection | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | |||||
CVE-2019-18341 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations). | |||||
CVE-2019-18337 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext. | |||||
CVE-2019-18332 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18322 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18321 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18319 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18318 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18317 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18315 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18314 | 1 Siemens | 1 Sppa-t3000 Application Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18312 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18252 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
BIOTRONIK CardioMessenger II: the affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. | |||||
CVE-2019-18250 | 1 Abb | 2 Plant Connect, Power Generation Information Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. | |||||