Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10962 | 1 Bd | 2 Alaris Gateway Workstation, Alaris Gateway Workstation Firmware | 2020-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. | |||||
| CVE-2019-10938 | 1 Siemens | 25 6md85, 6md86, 6md89 and 22 more | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-10189 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. | |||||
| CVE-2019-10970 | 1 Rockwellautomation | 2 Panelview 5510, Panelview 5510 Firmware | 2020-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | |||||
| CVE-2019-10187 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. | |||||
| CVE-2019-10175 | 1 Kubevirt | 1 Containerized-data-importer | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data. | |||||
| CVE-2016-7032 | 1 Todd Miller | 1 Sudo | 2020-09-30 | 6.9 MEDIUM | 7.0 HIGH |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | |||||
| CVE-2019-10188 | 1 Moodle | 1 Moodle | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. | |||||
| CVE-2019-10138 | 1 Python | 1 Novajoin | 2020-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. | |||||
| CVE-2019-10130 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. | |||||
| CVE-2019-0041 | 1 Juniper | 2 Ex4300-mp, Junos | 2020-09-29 | 5.0 MEDIUM | 8.6 HIGH |
| On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. | |||||
| CVE-2020-8028 | 1 Suse | 2 Manager Server, Salt-netapi-client | 2020-09-28 | 7.2 HIGH | 9.3 CRITICAL |
| A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. | |||||
| CVE-2020-7531 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | |||||
| CVE-2018-17921 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2020-09-18 | 5.8 MEDIUM | 8.8 HIGH |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | |||||
| CVE-2018-15640 | 1 Odoo | 1 Odoo | 2020-09-18 | 9.0 HIGH | 8.8 HIGH |
| Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | |||||
| CVE-2018-5406 | 1 Quest | 2 Kace Systems Management Appliance, Kace Systems Management Appliance Firmware | 2020-09-18 | 9.3 HIGH | 8.8 HIGH |
| The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings. | |||||
| CVE-2018-15631 | 1 Odoo | 1 Odoo | 2020-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | |||||
| CVE-2018-12546 | 1 Eclipse | 1 Mosquitto | 2020-08-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. | |||||
| CVE-2020-3448 | 1 Cisco | 1 Cyber Vision Center | 2020-08-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. | |||||
| CVE-2020-5396 | 1 Vmware | 2 Gemfire, Tanzu Gemfire For Virtual Machines | 2020-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. | |||||