Total
33563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6579 | 1 Siemens | 1 Spectrum Power 4 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-6574 | 1 Siemens | 12 Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr2, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr2 Firmware, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr3 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-6494 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls. | |||||
| CVE-2019-6489 | 1 Lexmark | 80 6500e, 6500e Firmware, Cx310 and 77 more | 2024-11-21 | 6.4 MEDIUM | 5.3 MEDIUM |
| Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. | |||||
| CVE-2019-6438 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | |||||
| CVE-2019-6342 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. | |||||
| CVE-2019-6337 | 1 Hp | 82 2dr21d, 2dr21d Firmware, D3q15a and 79 more | 2024-11-21 | 3.3 LOW | 5.2 MEDIUM |
| For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. | |||||
| CVE-2019-6335 | 1 Hp | 8 Samsung C480, Samsung C480 Firmware, Samsung Clp680 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service. | |||||
| CVE-2019-6334 | 1 Hp | 730 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 727 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | |||||
| CVE-2019-6330 | 1 Hp | 1 Access Control | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | |||||
| CVE-2019-6329 | 1 Hp | 1 Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. | |||||
| CVE-2019-6328 | 1 Hp | 1 Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. | |||||
| CVE-2019-6279 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. | |||||
| CVE-2019-6265 | 1 Cordaware | 1 Bestinformed | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges. | |||||
| CVE-2019-6260 | 2 Aspeedtech, Netapp | 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. | |||||
| CVE-2019-6251 | 6 Canonical, Fedoraproject, Gnome and 3 more | 6 Ubuntu Linux, Fedora, Epiphany and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | |||||
| CVE-2019-6241 | 1 Bevywise | 1 Mqttroute | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker. | |||||
| CVE-2019-6239 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2019-6222 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | |||||
| CVE-2019-6203 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic. | |||||