Total
1419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 9.8 Critical |
| Anviz access control devices allow remote attackers to issue commands without a password. | ||||
| CVE-2019-12390 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.3 Medium |
| Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 7.5 High |
| Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12289 | 1 Vstracam | 4 C38s, C38s Firmware, C7824wip and 1 more | 2024-11-21 | N/A |
| An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command. | ||||
| CVE-2019-12288 | 2 Vstarcam, Vstracm | 4 C7824iwp, C7824iwp Firmware, C38s and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update. | ||||
| CVE-2019-12174 | 1 Hide | 1 Hide.me | 2024-11-21 | N/A |
| hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context. | ||||
| CVE-2019-12130 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12129 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12128 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12120 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12119 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12118 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12117 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12116 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12115 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12114 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12105 | 1 Supervisord | 1 Supervisor | 2024-11-21 | 8.2 High |
| In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation | ||||