|
222401
|
9.8 |
CRITICAL
Network
|
f5
|
big-ip_link_controller
big-ip_access_policy_manager
big-ip_advanced_firewall_manager
big-ip_application_acceleration_manager
big-ip_application_security_manager
big-ip_fraud_protection…
|
BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass…
|
CWE-287
Improper Authentication
|
CVE-2019-6675
|
2024-11-21 13:46 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222402
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortios
|
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-6693
|
2024-11-21 13:46 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222403
|
7.8 |
HIGH
Local
|
lenovo
|
paper
|
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
|
NVD-CWE-noinfo
|
CVE-2019-6191
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222404
|
7.8 |
HIGH
Local
|
lenovo
|
system_interface_foundation
|
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
|
CWE-426
Untrusted Search Path
|
CVE-2019-6189
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222405
|
6.5 |
MEDIUM
Network
|
lenovo
|
xclarity_controller
|
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XC…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2019-6187
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222406
|
8.8 |
HIGH
Network
|
lenovo
|
system_interface_foundation
|
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
|
NVD-CWE-noinfo
|
CVE-2019-6186
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222407
|
7.8 |
HIGH
Local
|
lenovo
|
customer_engagement_service
|
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
|
NVD-CWE-noinfo
|
CVE-2019-6184
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222408
|
7.5 |
HIGH
Network
|
lenovo
|
thinkpad_usb-c_dock_firmware
|
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
|
NVD-CWE-noinfo
|
CVE-2019-6176
|
2024-11-21 13:46 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222409
|
7.5 |
HIGH
Network
|
f5
|
big-ip_access_policy_manager
|
When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-6661
|
2024-11-21 13:46 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222410
|
7.5 |
HIGH
Network
|
f5
|
big-ip_advanced_firewall_manager
big-ip_access_policy_manager
big-ip_application_acceleration_manager
big-ip_link_controller
big-ip_policy_enforcement_manager
big-ip_webaccelerator
…
|
On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.
|
NVD-CWE-noinfo
|
CVE-2019-6664
|
2024-11-21 13:46 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
