| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-15162 |
345 |
|
|
2019-10-03 |
2019-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. |
|
2 |
CVE-2019-13483 |
345 |
|
Bypass |
2019-07-25 |
2019-07-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. |
|
3 |
CVE-2019-12804 |
345 |
|
|
2019-07-10 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update. |
|
4 |
CVE-2019-12620 |
345 |
|
|
2019-09-18 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. |
|
5 |
CVE-2019-12504 |
345 |
|
|
2019-06-07 |
2019-06-17 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. |
|
6 |
CVE-2019-11737 |
345 |
|
|
2019-09-27 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69. |
|
7 |
CVE-2019-11235 |
345 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. |
|
8 |
CVE-2019-10181 |
345 |
|
Exec Code |
2019-07-31 |
2019-08-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. |
|
9 |
CVE-2019-1932 |
345 |
|
Exec Code |
2019-07-05 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. |
|
10 |
CVE-2019-1880 |
345 |
|
Bypass |
2019-06-05 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device. |
|
11 |
CVE-2019-1667 |
345 |
|
|
2019-02-21 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. |
|
12 |
CVE-2019-0379 |
345 |
|
|
2019-10-08 |
2019-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check |
|
13 |
CVE-2018-15801 |
345 |
|
Bypass |
2018-12-19 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. |
|
14 |
CVE-2018-12333 |
345 |
|
Exec Code |
2018-06-17 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. |
|
15 |
CVE-2018-10626 |
345 |
|
+Info |
2018-08-10 |
2019-10-09 |
3.8 |
None |
Local Network |
Medium |
Single system |
Partial |
Partial |
None |
|
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. |
|
16 |
CVE-2018-10080 |
345 |
|
|
2018-04-13 |
2018-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. |
|
17 |
CVE-2018-7932 |
345 |
|
Bypass |
2018-04-24 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone. |
|
18 |
CVE-2018-7798 |
345 |
|
|
2018-11-02 |
2018-12-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. |
|
19 |
CVE-2018-6562 |
345 |
|
+Info |
2018-05-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. |
|
20 |
CVE-2018-2434 |
345 |
|
|
2018-07-10 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. |
|
21 |
CVE-2017-17023 |
345 |
|
|
2019-04-09 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it. |
|
22 |
CVE-2017-14091 |
345 |
|
|
2017-12-15 |
2017-12-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. |
|
23 |
CVE-2017-12972 |
345 |
|
Overflow Bypass |
2017-08-20 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. |
|
24 |
CVE-2017-12740 |
345 |
|
|
2017-12-25 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. |
|
25 |
CVE-2017-11379 |
345 |
|
|
2017-08-01 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. |
|
26 |
CVE-2017-11178 |
345 |
|
|
2017-07-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked. |
|
27 |
CVE-2017-11130 |
345 |
|
|
2017-08-01 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks. |
|
28 |
CVE-2017-11103 |
345 |
|
|
2017-07-13 |
2017-11-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. |
|
29 |
CVE-2017-10862 |
345 |
|
|
2017-10-12 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. |
|
30 |
CVE-2017-10624 |
345 |
|
|
2017-10-13 |
2019-10-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. |
|
31 |
CVE-2017-9606 |
345 |
|
+Priv |
2017-06-14 |
2019-10-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. |
|
32 |
CVE-2017-7674 |
345 |
|
|
2017-08-10 |
2019-04-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. |
|
33 |
CVE-2017-3224 |
345 |
|
DoS |
2018-07-24 |
2019-10-09 |
4.3 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
Partial |
|
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). |
|
34 |
CVE-2017-3219 |
345 |
|
|
2017-06-21 |
2019-10-09 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. |
|
35 |
CVE-2017-3218 |
345 |
|
|
2017-06-21 |
2019-10-09 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. |
|
36 |
CVE-2017-2701 |
345 |
|
DoS |
2017-11-22 |
2017-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable. |
|
37 |
CVE-2017-1773 |
345 |
|
|
2018-01-31 |
2018-02-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. |
|
38 |
CVE-2017-1405 |
345 |
|
|
2018-06-08 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. |
|
39 |
CVE-2017-0563 |
345 |
|
Exec Code |
2017-04-07 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. |
|
40 |
CVE-2016-9450 |
345 |
|
|
2016-11-25 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. |
|
41 |
CVE-2016-4554 |
345 |
|
Bypass |
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. |
|
42 |
CVE-2016-4553 |
345 |
|
|
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. |
|
43 |
CVE-2016-3983 |
345 |
|
Bypass |
2016-04-08 |
2016-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. |
|
44 |
CVE-2016-3677 |
345 |
|
|
2016-06-13 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. |
|
45 |
CVE-2016-3016 |
345 |
|
|
2017-02-01 |
2017-02-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. |
|
46 |
CVE-2016-2346 |
345 |
|
Exec Code |
2016-04-25 |
2016-05-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. |
|
47 |
CVE-2016-2309 |
345 |
|
DoS |
2016-05-29 |
2017-01-10 |
8.0 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Complete |
|
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. |
|
48 |
CVE-2016-1731 |
345 |
|
|
2016-03-13 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. |
|
49 |
CVE-2016-1493 |
345 |
|
Exec Code |
2016-01-29 |
2018-10-09 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. |
|
50 |
CVE-2016-0818 |
345 |
|
|
2016-03-12 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. |
