Vulnerabilities (CVE)

CWE filter

CWE-254

Filter

938 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-4310 1 Ibm 1 Security Guardium Big Data Intelligence 2019-08-23 5.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.
CVE-2019-1163 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-22 4.3
A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka 'Windows File Signature Security Feature Bypass Vulnerability'.
CVE-2015-9331 1 Soflyy 1 Wp All Import 2019-08-22 5.0
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
CVE-2015-9318 1 Getawesomesupport 1 Awesome Support 2019-08-22 5.0
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
CVE-2015-5184 1 Apache 1 Activemq 2019-08-21 7.5
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.
CVE-2015-5183 2 Apache, Redhat 3 Activemq, Jboss A-mq, Jboss Fuse 2019-08-21 7.5
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
CVE-2019-14951 1 Telenav 1 Scout Gps Link 2019-08-21 5.0
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen...
CVE-2019-7957 1 Adobe 1 Creative Cloud 2019-08-21 5.0
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.
CVE-2019-7779 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2019-08-21 10.0
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a security bypass vulnerability....
CVE-2019-7041 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2019-08-21 6.8
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-11270 1 Pivotal Software 3 Application Service, Cloud Foundry Uaa, Operations Manager 2019-08-20 5.0
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with...
CVE-2019-1192 1 Microsoft 2 Edge, Internet Explorer 2019-08-20 4.3
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
CVE-2019-5299 2019-08-20 6.8
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic,...
CVE-2018-18345 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 4.3
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
CVE-2019-5397 2019-08-16 9.7
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVE-2019-14707 1 Microdigital 3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware 2019-08-14 6.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a...
CVE-2019-13143 1 Shenzhen Dragon Brothers 1 Fb50 Firmware 2019-08-14 9.0
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind...
CVE-2018-20960 1 Nespresso 1 Prodigo Firmware 2019-08-14 4.8
Nespresso Prodigio devices lack Bluetooth connection security.
CVE-2018-20959 1 Jura 1 E8 Firmware 2019-08-14 4.8
Jura E8 devices lack Bluetooth connection security.
CVE-2019-14773 1 Webcraftic 1 Woody Ad Snippets 2019-08-14 6.4
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.