Vulnerabilities (CVE)

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17223 1 Dolibarr 1 Dolibarr 2019-10-15 4.3
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
CVE-2019-10923 1 Siemens 34 Sinumerik 828d, Sinumerik 840d Sl, Dk Standard Ethernet Controller Firmware and 31 more 2019-10-15 5.0
A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for...
CVE-2019-10936 1 Siemens 52 Sinumerik 828d, Sinumerik 840d Sl, Simatic S7-300 Cpu 314 Firmware and 49 more 2019-10-15 5.0
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET...
CVE-2019-17124 1 Kramerav 1 Viaware 2019-10-15 10.0
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
CVE-2019-17355 2019-10-15 N/A
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17356 2019-10-15 N/A
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
CVE-2019-17394 2019-10-15 N/A
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17396 2019-10-15 N/A
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17398 2019-10-15 N/A
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17601 2019-10-15 N/A
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.
CVE-2019-17602 2019-10-15 N/A
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
CVE-2019-13921 1 Siemens 1 Simatic Winac Rtx (f) 2010 2019-10-15 5.0
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability...
CVE-2019-13929 1 Siemens 1 Simatic It Uadm 2019-10-15 4.0
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write...
CVE-2016-10906 1 Linux 1 Linux Kernel 2019-10-15 4.4
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
CVE-2019-1230 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 4.0
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.
CVE-2019-17600 1 Intelbras 1 Iwr 1000n Firmware 2019-10-15 10.0
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
CVE-2019-17510 1 Dlink 1 Dir-846 Firmware 2019-10-15 10.0
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to...
CVE-2019-1338 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 4.3
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass...
CVE-2019-17507 1 Dlink 1 Dir-816 A1 Firmware 2019-10-15 5.0
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp,...
CVE-2019-17180 1 Valvesoftware 1 Steam Client 2019-10-15 7.2
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of...