An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.
CWE-287
CVE-2019-5909
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 – R6.06.00), CENTUM VP Entry Class (R5.01.00 – R6.06.00), ProSafe-RS (R3.01.00 – R4.04.00), PRM (R4.01.00 – R4.02.00), B/M9000 VP(R7.01.01 – R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
CVE-2019-5679
NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges
CVE-2019-5473
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
CVE-2019-5426
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the “local port forwarding” and “dynamic port forwarding” (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.