Vulnerabilities (CVE)

CWE filter: CWE-284

3548 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-17148 1 Nagios 1 Nagios Xi 2019-06-21 5.0
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing...
CVE-2019-2729 1 Oracle 1 Weblogic Server 2019-06-21 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows...
CVE-2018-16553 1 Jspxcms 1 Jspxcms 2019-06-21 6.5
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
CVE-2019-12894 1 Alternate-tools 1 Alternate Pic View 2019-06-21 5.0
Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b.
CVE-2019-12897 1 Edrawsoft 1 Edraw Max 2019-06-21 5.0
Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074.
CVE-2019-0090 1 Intel 1 Server Platform Services 2019-06-21 4.6
Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2017-10721 1 Ishekar 1 Endoscope Camera Firmware 2019-06-20 4.0
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use...
CVE-2019-10962 1 Bd 1 Alaris Gateway Workstation Firmware 2019-06-19 5.0
BD Alaris Gateway versions 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, and 1.1.6: The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation...
CVE-2018-18958 2019-06-19 4.0
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
CVE-2019-6571 1 Siemens 8 6ed1052-1cc01-0ba8 Firmware, 6ed1052-1fb00-0ba8 Firmware, 6ed1052-1hb00-0ba8 Firmware and 5 more 2019-06-19 7.8
A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port...
CVE-2019-6584 1 Siemens 8 6ed1052-1cc01-0ba8 Firmware, 6ed1052-1fb00-0ba8 Firmware, 6ed1052-1hb00-0ba8 Firmware and 5 more 2019-06-19 6.8
A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). The integrated webserver does not...
CVE-2018-3258 1 Oracle 1 Connector/j 2019-06-19 6.5
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2019-12395 2 Dynmap Project, Getbukkit 2 Dynmap, Spigot 2019-06-18 5.0
In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without logging in even if the victim enables login-required in the settings.
CVE-2019-4176 1 Ibm 1 Cognos Controller 2019-06-18 5.0
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to...
CVE-2019-7158 1 Open-xchange 1 Open-xchange Appsuite 2019-06-18 7.5
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
CVE-2018-13901 1 Qualcomm 30 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 27 more 2019-06-17 2.1
Due to missing permissions in the Android Manifest file, a sensitive information disclosure issue can happen in the PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
CVE-2019-11068 3 Xmlsoft, Canonical, Debian 3 Libxslt, Ubuntu Linux, Debian Linux 2019-06-14 7.5
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and...
CVE-2019-0314 1 Sap 2 Inventory Manager, Work Manager 2019-06-13 4.3
SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2019-12764 1 Joomla 1 Joomla! 2019-06-12 4.0
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVE-2019-2556 1 Oracle 1 Vm Virtualbox 2019-06-11 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with...