Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6328 | 1 Hp | 1 Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
|
|||||
| CVE-2019-6279 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
|
|||||
| CVE-2019-6265 | 1 Cordaware | 1 Bestinformed | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges.
|
|||||
| CVE-2019-6260 | 2 Aspeedtech, Netapp | 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART- ...
Show More |
|||||
| CVE-2019-6251 | 6 Canonical, Fedoraproject, Gnome and 3 more | 6 Ubuntu Linux, Fedora, Epiphany and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
|
|||||
| CVE-2019-6241 | 1 Bevywise | 1 Mqttroute | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker.
|
|||||
| CVE-2019-6239 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.
|
|||||
| CVE-2019-6222 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown.
|
|||||
| CVE-2019-6203 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
|
|||||
| CVE-2019-6191 | 1 Lenovo | 1 Paper | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
|
|||||
| CVE-2019-6188 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
|
|||||
| CVE-2019-6186 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
|
|||||
| CVE-2019-6184 | 1 Lenovo | 1 Customer Engagement Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
|
|||||
| CVE-2019-6183 | 1 Lenovo | 1 Energy Management | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
|
|||||
| CVE-2019-6178 | 1 Lenovo | 12 Home Media Network Hard Drive, Home Media Network Hard Drive Firmware, Ix12-300r and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
|
|||||
| CVE-2019-6176 | 1 Lenovo | 2 Thinkpad Usb-c Dock, Thinkpad Usb-c Dock Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
|
|||||
| CVE-2019-6175 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
|
|||||
| CVE-2019-6172 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
|
|||||
| CVE-2019-6171 | 1 Lenovo | 296 20a7, 20a7 Firmware, 20a8 and 293 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
|
|||||
| CVE-2019-6170 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
|
|||||
| CVE-2019-6168 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
|
|||||
| CVE-2019-6167 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
|
|||||
| CVE-2019-6160 | 1 Lenovo | 13 Home Media Network Hard Drive, Home Media Network Hard Drive Firmware, Ix12-300r and 10 more | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
|
|||||
| CVE-2019-6155 | 1 Ibm | 8 Bladecenter Hs23, Bladecenter Hs23 Firmware, System X3530 M4 and 5 more | 2024-11-21 | 7.8 HIGH | 4.1 MEDIUM |
|
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
|
|||||
| CVE-2019-6140 | 1 Forcepoint | 1 Email Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
|
|||||
| CVE-2019-6136 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.
|
|||||
| CVE-2019-6116 | 6 Artifex, Canonical, Debian and 3 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
|
|||||
| CVE-2019-6026 | 1 Motex | 4 Lanscope An, Lanscope Cat Client Program, Lanscope Cat Detection Agent and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.
|
|||||
| CVE-2019-6023 | 1 Cybozu | 1 Office | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
|
|||||
| CVE-2019-6017 | 1 Remise | 1 Payment Module | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.
|
|||||
| CVE-2019-6005 | 1 Kddi | 2 Smart Tv Box, Smart Tv Box Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.
|
|||||
| CVE-2019-5981 | 1 Sony | 1 Vaio Update | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
|
|||||
| CVE-2019-5955 | 1 Create-sd | 1 Create Sd | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.
|
|||||
| CVE-2019-5954 | 1 Jreast | 1 Jr East Japan | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.
|
|||||
| CVE-2019-5945 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
|
|||||
| CVE-2019-5944 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
|
|||||
| CVE-2019-5943 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
|
|||||
| CVE-2019-5942 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
|
|||||
| CVE-2019-5941 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
|
|||||
| CVE-2019-5935 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
|
|||||