• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-345

CVE-2019-12804

February 26, 2023 by

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

CVE-2019-12620

February 26, 2023 by

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.

CVE-2019-12510

February 26, 2023 by

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device’s “NETGEAR Genie” SOAP API (“/soap/server_sa”) by supplying a malicious X-Forwarded-For header of the device’s LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device’s settings and view various configuration settings.

CVE-2019-11737

February 26, 2023 by

If a wildcard (‘*’) is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.

CVE-2019-11480

February 26, 2023 by

The pc-kernel snap build process hardcoded the –allow-insecure-repositories and –allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16

CVE-2019-11235

February 26, 2023 by

FreeRADIUS before 3.0.19 mishandles the “each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used” protection mechanism, aka a “Dragonblood” issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Go to page 19
  • Interim pages omitted …
  • Go to page 34
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE