CWE-419
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-419page 1 of 1
- CVE-2018-12120HIGHCVSS 8.12018-11-28
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow r…
- CVE-2018-12539HIGHCVSS 7.82018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrus…
- CVE-2019-11248HIGHCVSS 8.2EG 9.02019-08-29
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as inte…
- CVE-2022-33932MEDIUMCVSS 5.3EG 5.32022-08-22
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerabil…
- CVE-2023-30859HIGHCVSS 7.2EG 7.22023-05-01
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will …
- CVE-2023-6533MEDIUMCVSS 6.5EG 6.52024-02-21
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller.…
- CVE-2024-2414HIGHCVSS 8.8EG 8.82024-03-13
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges.
- CVE-2024-3051HIGHCVSS 7.5EG 7.52024-04-26
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.
- CVE-2024-39886LOWCVSS 3.7EG 3.72024-07-10
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter co…
- CVE-2024-50588CRITICALCVSS 9.8EG 9.82024-11-08
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login cr…
Map vulnerabilities like CWE-419 to your infrastructure
EchelonGraph correlates every CVE — across CWE-419 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →