Export limit exceeded: 75247 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75247 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6169 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | ||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | ||||
| CVE-2019-6165 | 1 Lenovo | 4 Yoga 700-11isk, Yoga 700-11isk Firmware, Yoga 700-14isk and 1 more | 2024-11-21 | 7.8 High |
| A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features. | ||||
| CVE-2019-6161 | 1 Lenovo | 2 Cp Storage Block, Cp Storage Block Firmware | 2024-11-21 | 7.5 High |
| An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | ||||
| CVE-2019-6128 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | 8.8 High |
| The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | ||||
| CVE-2019-6120 | 1 Nicehash | 1 Miner | 2024-11-21 | 7.5 High |
| An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. | ||||
| CVE-2019-6116 | 6 Artifex, Canonical, Debian and 3 more | 12 Ghostscript, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | 7.8 High |
| In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | ||||
| CVE-2019-6032 | 1 Ntv | 1 News 24 | 2024-11-21 | 7.4 High |
| The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2019-6026 | 1 Motex | 4 Lanscope An, Lanscope Cat Client Program, Lanscope Cat Detection Agent and 1 more | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. | ||||
| CVE-2019-6019 | 1 Ipa | 1 Stamp Workbench | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2019-6015 | 1 Fon | 8 Fon2601e-fsw-b, Fon2601e-fsw-b Firmware, Fon2601e-fsw-s and 5 more | 2024-11-21 | 7.5 High |
| FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities. | ||||
| CVE-2019-6014 | 1 Dlink | 2 Dba-1510p, Dba-1510p Firmware | 2024-11-21 | 8.8 High |
| DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | ||||
| CVE-2019-6012 | 1 Tms-outsource | 1 Wpdatatables Lite | 2024-11-21 | 7.2 High |
| SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2019-6010 | 1 Linecorp | 1 Line | 2024-11-21 | 7.8 High |
| Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image. | ||||
| CVE-2019-6008 | 1 Yokogawa | 8 Exaopc, Exaplog, Exaquantum and 5 more | 2024-11-21 | 7.8 High |
| An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. | ||||
| CVE-2019-6007 | 1 Linecorp | 1 Apng-drawable | 2024-11-21 | 8.8 High |
| Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. | ||||
| CVE-2019-5996 | 1 Panasonic | 1 Video Insight Vms | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2019-5993 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||