Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0729 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.
|
|||||
| CVE-2020-0696 | 1 Microsoft | 3 Office, Office 365 Proplus, Outlook | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
|
|||||
| CVE-2020-0599 | 1 Intel | 122 Atom 230, Atom 230 Firmware, Atom 330 and 119 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0544 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0521 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0518 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-0332 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982
|
|||||
| CVE-2020-0274 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925
|
|||||
| CVE-2020-0187 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383
|
|||||
| CVE-2019-9530 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
|
|||||
| CVE-2019-9505 | 1 Printerlogic | 1 Print Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.
|
|||||
| CVE-2019-9097 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.
|
|||||
| CVE-2019-8630 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.
|
|||||
| CVE-2019-8532 | 1 Apple | 2 Iphone Os, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.
|
|||||
| CVE-2019-8460 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
|
|||||
| CVE-2019-8275 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
|
|||||
| CVE-2019-7613 | 1 Elastic | 1 Winlogbeat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
|
|||||
| CVE-2019-7611 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permission ...
Show More |
|||||
| CVE-2019-7475 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
|
|||||
| CVE-2019-7303 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
|
|||||
| CVE-2019-6854 | 1 Schneider-electric | 1 Clearscada | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.
|
|||||
| CVE-2019-6838 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.
|
|||||
| CVE-2019-6836 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.
|
|||||
| CVE-2019-6810 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.
|
|||||
| CVE-2019-6581 | 1 Siemens | 5 Siveillance Video Management Software 2017 R2, Siveillance Video Management Software 2018 R1, Siveillance Video Management Software 2018 R2 and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected serv ...
Show More |
|||||
| CVE-2019-6569 | 1 Siemens | 10 Scalance X-200, Scalance X-200 Firmware, Scalance X-300 and 7 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.
|
|||||
| CVE-2019-6566 | 1 Ge | 1 Ge Communicator | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
|
|||||
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
|
|||||
| CVE-2019-6545 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
|
|||||
| CVE-2019-6544 | 1 Ge | 1 Ge Communicator | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
|
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
|
|||||
| CVE-2019-6531 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position.
|
|||||
| CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
|
|||||
| CVE-2019-6517 | 1 Bd | 2 Facslyric, Facslyric Ivd | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions.
|
|||||
| CVE-2019-5487 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
|
|||||
| CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.
|
|||||
| CVE-2019-5452 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
|
|||||
| CVE-2019-5021 | 4 Alpinelinux, F5, Gliderlabs and 1 more | 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
|
|||||
| CVE-2019-4637 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.
|
|||||
| CVE-2019-4579 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.
|
|||||
| CVE-2019-4552 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
|
|||||