Total
309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2023-11-07 | 9.0 HIGH | N/A |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | |||||
| CVE-1999-0875 | 2 Microsoft, Sun | 5 Windows 2000, Windows 95, Windows 98se and 2 more | 2023-11-07 | 7.5 HIGH | N/A |
| DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | |||||
| CVE-1999-0858 | 1 Microsoft | 1 Internet Explorer | 2023-11-07 | 5.0 MEDIUM | N/A |
| Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. | |||||
| CVE-1999-0766 | 1 Microsoft | 2 Internet Explorer, Java Virtual Machine | 2023-11-07 | 9.3 HIGH | N/A |
| The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. | |||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2023-11-07 | 7.1 HIGH | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||||
| CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2023-11-07 | 7.2 HIGH | N/A |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. | |||||
| CVE-2020-1769 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2023-08-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | |||||
| CVE-2023-39385 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 9.1 CRITICAL |
| Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access. | |||||
| CVE-2023-39392 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. | |||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2023-06-27 | 7.8 HIGH | 7.5 HIGH |
| An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | |||||
| CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | |||||
| CVE-2019-19090 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 3.5 LOW | 3.5 LOW |
| For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. | |||||
| CVE-2019-19097 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.3 MEDIUM | 7.5 HIGH |
| ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. | |||||
| CVE-2019-19091 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. | |||||
| CVE-2019-19003 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. | |||||
| CVE-2019-19092 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 3.5 LOW | 3.5 LOW |
| ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. | |||||
| CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. | |||||
| CVE-2019-19002 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 3.5 LOW | 5.4 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. | |||||
| CVE-2019-19000 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 6.4 MEDIUM | 6.5 MEDIUM |
| For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. | |||||
| CVE-2019-15993 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2023-04-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files. | |||||