Vulnerabilities (CVE)

Total 310085 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2019-19895 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH
In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users.
CVE-2019-19894 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM
In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP.
CVE-2019-19893 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 HIGH | 7.5 HIGH
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
CVE-2019-19891 | 1 Mitel | 2 Sip-dect, Sip-dect Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information.
CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.
CVE-2019-19889 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.
CVE-2019-19888 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM
jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.
CVE-2019-19887 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM
bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.
CVE-2019-19885 | 1 Bender | 12 Com465dp, Com465dp Firmware, Com465id and 9 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.
CVE-2019-19882 | 1 Shadow Project | 1 Shadow | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-19879 | 1 Hashicorp | 1 Sentinel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2.
CVE-2019-19878 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.
CVE-2019-19877 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.
CVE-2019-19876 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
CVE-2019-19875 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
CVE-2019-19874 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.
CVE-2019-19873 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.
CVE-2019-19872 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.
CVE-2019-19869 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.