Vulnerabilities (CVE)

CWE filter: CWE-284

3255 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1666 1 Cisco 1 Hyperflex Hx Data Platform 2019-02-21 5.0
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could...
CVE-2018-10612 2019-02-21 10.0
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption are not enabled by default, which could allow an attacker access to the device and sensitive...
CVE-2019-7390 1 Dlink 1 Dir-823g Firmware 2019-02-21 5.0
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via...
CVE-2016-3159 4 Xen, Fedoraproject, Oracle and 1 more 4 Vm Server, Xen, Fedora and 1 more 2019-02-21 1.7
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another...
CVE-2013-5654 1 Yingzhipython Project 1 Yingzhipython 2019-02-21 9.4
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
CVE-2018-20587 2019-02-21 2.1
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests...
CVE-2018-9867 2019-02-21 2.1
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability...
CVE-2019-3475 1 Microfocus 1 Filr 2019-02-21 7.2
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2016-2788 2 Puppetlabs, Puppet 3 Puppet, Marionette-collective, Puppet 2019-02-21 7.5
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2018-20146 2019-02-21 7.2
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-6260 1 Aspeedtech 2 Ast2400 Firmware, Ast2500 Firmware 2019-02-20 7.5
The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or...
CVE-2019-0266 1 Sap 1 Hana Extended Application Services 2019-02-20 5.0
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized...
CVE-2019-1003006 1 Jenkins 1 Groovy 2019-02-19 6.5
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that...
CVE-2018-15395 1 Cisco 1 Wireless Lan Controller Software 2019-02-19 2.7
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal...
CVE-2019-8392 1 Dlink 1 Dir-823g Firmware 2019-02-19 5.0
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
CVE-2019-6703 1 Calmar-webmedia 1 Total Donations 2019-02-19 7.5
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers...
CVE-2019-7399 2019-02-19 5.8
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
CVE-2018-20685 1 Openbsd 1 Openssh 2019-02-16 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2019-1000011 1 Api-platform 1 Core 2019-02-15 5.5
API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable via...
CVE-2019-2421 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Eprofile Manager Desktop 2019-02-15 5.8
Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Desktop component of Oracle PeopleSoft Products (subcomponent: Guided Self Service). The supported version that is affected is 9.2. Easily exploitable vulnerability allows...