Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-08 | CVE-2019-13543 | Use of Hard-coded Credentials vulnerability in Medtronic products Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. | 7.5 |
| 2019-11-08 | CVE-2019-13539 | Inadequate Encryption Strength vulnerability in Medtronic products Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. | 7.8 |
| 2019-11-08 | CVE-2019-3426 | Improper Input Validation vulnerability in ZTE Zxupn-9000E Firmware The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. | 8.8 |
| 2019-11-08 | CVE-2019-3425 | Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxupn-9000E Firmware The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. | 8.8 |
| 2019-11-08 | CVE-2019-12410 | Missing Initialization of Resource vulnerability in Apache Arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. | 7.5 |
| 2019-11-08 | CVE-2019-12408 | Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1 It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. | 7.5 |
| 2019-11-08 | CVE-2019-17661 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Admincolumns Admin Columns 3.4.6 A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. | 8.8 |
| 2019-11-08 | CVE-2019-17327 | Path Traversal vulnerability in Tmaxsoft Jeus 7/8 JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. | 7.2 |
| 2019-11-08 | CVE-2019-16209 | Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | 7.4 |
| 2019-11-08 | CVE-2019-16208 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | 7.5 |