Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6572 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2024-11-21 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-6331 | 1 Hp | 1 Samsung Mobile Print | 2024-11-21 | 3.3 Low |
| An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. | ||||
| CVE-2019-6206 | 1 Apple | 1 Iphone Os | 2024-11-21 | N/A |
| An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared. | ||||
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | ||||
| CVE-2019-6177 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 9.8 Critical |
| A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018. | ||||
| CVE-2019-5884 | 1 Std42 | 1 Elfinder | 2024-11-21 | 5.9 Medium |
| php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | ||||
| CVE-2019-5880 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-5640 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 3.3 Low |
| Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | ||||
| CVE-2019-5601 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. | ||||
| CVE-2019-5534 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-5489 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node and 8 more | 2024-11-21 | N/A |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | ||||
| CVE-2019-5470 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | ||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | ||||
| CVE-2019-5463 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | ||||
| CVE-2019-5437 | 1 Harpjs | 1 Harp | 2024-11-21 | N/A |
| Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge. | ||||
| CVE-2019-5073 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 5.3 Medium |
| An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2019-5017 | 2 Kcodes, Netgear | 3 Netusb.ko, R8000, R8000 Firmware | 2024-11-21 | 5.3 Medium |
| An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. | ||||
| CVE-2019-5016 | 2 Kcodes, Netgear | 5 Netusb.ko, R7900, R7900 Firmware and 2 more | 2024-11-21 | 9.1 Critical |
| An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability. | ||||
| CVE-2019-4751 | 1 Ibm | 1 Cloud App Management | 2024-11-21 | 5.3 Medium |
| IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311. | ||||
| CVE-2019-4731 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 5.5 Medium |
| IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. | ||||