Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0373 | 1 Ibm | 1 Urbancode Deploy | 2019-10-09 | N/A |
| IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. | ||||
| CVE-2015-3954 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2019-10-09 | N/A |
| Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | ||||
| CVE-2017-16743 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2019-10-03 | N/A |
| An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device. | ||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2019-10-03 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | ||||
| CVE-2018-14670 | 1 Yandex | 1 Clickhouse | 2019-08-28 | N/A |
| Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. | ||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2019-08-13 | N/A |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | ||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | ||||
| CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2019-08-08 | N/A |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | ||||
| CVE-2016-10859 | 1 Cpanel | 1 Cpanel | 2019-08-08 | N/A |
| cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | ||||
| CVE-2018-17210 | 1 Printeron | 1 Central Print Services | 2019-07-26 | N/A |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests. | ||||
| CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2019-07-11 | N/A |
| GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | ||||
| CVE-2018-19581 | 1 Gitlab | 1 Gitlab | 2019-07-11 | N/A |
| GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | ||||
| CVE-2018-19578 | 1 Gitlab | 1 Gitlab | 2019-07-11 | N/A |
| GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | ||||
| CVE-2017-9325 | 1 Cloudera | 1 Cdh | 2019-07-11 | N/A |
| The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | ||||
| CVE-2018-13908 | 1 Qualcomm | 94 Ipq8074, Ipq8074 Firmware, Mdm9150 and 91 more | 2019-06-17 | N/A |
| Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2017-8252 | 1 Qualcomm | 110 Ipq4019, Ipq4019 Firmware, Ipq8074 and 107 more | 2019-06-17 | N/A |
| Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2017-8777 | 1 Open-xchange | 1 Ox Cloud | 2019-05-23 | N/A |
| Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. | ||||
| CVE-2015-5463 | 1 Axiomsl | 1 Axiom | 2019-04-04 | N/A |
| AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | ||||
| CVE-2016-10734 | 1 Projectsend | 1 Projectsend | 2018-12-06 | N/A |
| ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | ||||
| CVE-2016-7651 | 1 Apple | 2 Iphone Os, Watchos | 2018-10-30 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. | ||||