Export limit exceeded: 334175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75101 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75101 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3986 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | ||||
| CVE-2019-3985 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | ||||
| CVE-2019-3979 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 High |
| RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. | ||||
| CVE-2019-3978 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 High |
| RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning | ||||
| CVE-2019-3977 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 High |
| RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords. | ||||
| CVE-2019-3976 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.8 High |
| RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. | ||||
| CVE-2019-3957 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 7.4 High |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | ||||
| CVE-2019-3945 | 1 Parrot | 2 Anafi, Anafi Firmware | 2024-11-21 | 7.5 High |
| Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length. | ||||
| CVE-2019-3944 | 1 Parrot | 2 Anafi, Anafi Firmware | 2024-11-21 | 7.5 High |
| Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. | ||||
| CVE-2019-3943 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.1 High |
| MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). | ||||
| CVE-2019-3942 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 High |
| Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. | ||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.8 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | ||||
| CVE-2019-3937 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.8 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data. | ||||
| CVE-2019-3936 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 7.5 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | ||||
| CVE-2019-3931 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 8.8 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root. | ||||
| CVE-2019-3921 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 8.8 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code. | ||||
| CVE-2019-3920 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 8.8 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | ||||
| CVE-2019-3919 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 8.8 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | ||||
| CVE-2019-3917 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 7.5 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | ||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 7.5 High |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | ||||