Vulnerabilities (CVE)

Filtered by CWE-306
Total 1396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2019-12506 | Vendors (1): Logitech | Products (2): R700 Laser Presentation Remote, R700 Laser Presentation Remote Firmware | Updated: 2024-11-21 | CVSS v2: 8.3 HIGH | CVSS v3: 8.8 HIGH
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
CVE-2019-12505 | Vendors (1): Inateck | Products (2): Wp1001, Wp1001 Firmware | Updated: 2024-11-21 | CVSS v2: 8.3 HIGH | CVSS v3: 8.8 HIGH
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
CVE-2019-12503 | Vendors (1): Inateck | Products (2): Bcst-60, Bcst-60 Firmware | Updated: 2024-11-21 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
CVE-2019-12500 | Vendors (1): Mi | Products (2): M365, M365 Firmware | Updated: 2024-11-21 | CVSS v2: 3.3 LOW | CVSS v3: 6.5 MEDIUM
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.
CVE-2019-12468 | Vendors (2): Debian, Mediawiki | Products (2): Debian Linux, Mediawiki | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVE-2019-12392 | Vendors (1): Anviz | Products (1): Anviz Firmware | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
Anviz access control devices allow remote attackers to issue commands without a password.
CVE-2019-12390 | Vendors (1): Anviz | Products (1): Anviz Firmware | Updated: 2024-11-21 | CVSS v2: 5.0 MEDIUM | CVSS v3: 5.3 MEDIUM
Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
CVE-2019-12389 | Vendors (1): Anviz | Products (1): Anviz Firmware | Updated: 2024-11-21 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.
CVE-2019-12289 | Vendors (1): Vstracam | Products (4): C38s, C38s Firmware, C7824wip and 1 more | Updated: 2024-11-21 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
CVE-2019-12288 | Vendors (2): Vstarcam, Vstracm | Products (4): C7824iwp, C7824iwp Firmware, C38s and 1 more | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update.
CVE-2019-12174 | Vendors (1): Hide | Products (1): Hide.me | Updated: 2024-11-21 | CVSS v2: 7.2 HIGH | CVSS v3: 7.8 HIGH
hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.
CVE-2019-12130 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12129 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12128 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12127 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12126 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12125 | Vendors (1): Onap | Products (1): Open Network Automation Platform | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12105 | Vendors (1): Supervisord | Products (1): Supervisor | Updated: 2024-11-21 | CVSS v2: 6.4 MEDIUM | CVSS v3: 8.2 HIGH
** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation.
CVE-2019-11523 | Vendors (1): Anviz | Products (2): M3, M3 Firmware | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).
CVE-2019-11496 | Vendors (1): Couchbase | Products (1): Couchbase Server | Updated: 2024-11-21 | CVSS v2: 6.4 MEDIUM | CVSS v3: 9.1 CRITICAL
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" was changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.