Export limit exceeded: 10679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10679 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5486 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. | ||||
| CVE-2019-5474 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | ||||
| CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.2 High |
| An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | ||||
| CVE-2019-5455 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.8 Medium |
| Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | ||||
| CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.1 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | ||||
| CVE-2019-5452 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.4 Low |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | ||||
| CVE-2019-5451 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | ||||
| CVE-2019-5449 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. | ||||
| CVE-2019-5426 | 1 Ui | 1 Edgeswitch X | 2024-11-21 | 4.8 Medium |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings. | ||||
| CVE-2019-5317 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 6.8 Medium |
| A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | ||||
| CVE-2019-5298 | 1 Huawei | 2 Ap4050dn-e, Ap4050dn-e Firmware | 2024-11-21 | N/A |
| There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands. | ||||
| CVE-2019-5253 | 1 Huawei | 2 E5572-855, E5572-855 Firmware | 2024-11-21 | 5.9 Medium |
| E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. | ||||
| CVE-2019-5252 | 1 Huawei | 12 Enjoy 8 Plus, Enjoy 8 Plus Firmware, Honor 8x and 9 more | 2024-11-21 | 3.5 Low |
| There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. | ||||
| CVE-2019-5233 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2024-11-21 | 8.8 High |
| Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components. | ||||
| CVE-2019-5223 | 1 Huawei | 1 Pcmanager | 2024-11-21 | N/A |
| PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. | ||||
| CVE-2019-5218 | 1 Huawei | 4 Band 2, Band 2 Firmware, Band 3 and 1 more | 2024-11-21 | 8.8 High |
| There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band. | ||||
| CVE-2019-5213 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2024-11-21 | 2.4 Low |
| Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. | ||||
| CVE-2019-5165 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 7.2 High |
| An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. | ||||
| CVE-2019-5162 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
| An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
| CVE-2019-5136 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
| An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||