Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12500 | 1 Mi | 2 M365, M365 Firmware | 2024-11-21 | N/A |
| The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. | ||||
| CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | ||||
| CVE-2019-12409 | 2 Apache, Linux | 2 Solr, Linux Kernel | 2024-11-21 | 9.8 Critical |
| The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. | ||||
| CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 9.8 Critical |
| Anviz access control devices allow remote attackers to issue commands without a password. | ||||
| CVE-2019-12390 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.3 Medium |
| Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 7.5 High |
| Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12289 | 1 Vstracam | 4 C38s, C38s Firmware, C7824wip and 1 more | 2024-11-21 | N/A |
| An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command. | ||||
| CVE-2019-12288 | 2 Vstarcam, Vstracm | 4 C7824iwp, C7824iwp Firmware, C38s and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update. | ||||
| CVE-2019-12174 | 1 Hide | 1 Hide.me | 2024-11-21 | N/A |
| hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context. | ||||
| CVE-2019-12130 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12129 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12128 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12120 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12119 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12118 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12117 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12116 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||