Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-7613 1 Elastic 1 Winlogbeat 2019-10-09 5.0
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
CVE-2019-7304 1 Canonical 2 Ubuntu Linux, Snapd 2019-10-09 10.0
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-6739 1 Malwarebytes 1 Antimalware 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web...
CVE-2019-6731 1 Foxitsoftware 2 Phantompdf, Reader 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
CVE-2019-6729 1 Foxitsoftware 2 Phantompdf, Reader 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....
CVE-2019-6578 1 Siemens 6 Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr2 Firmware, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr3 Firmware, Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6sr4 Firmware and 3 more 2019-10-09 5.0
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-...
CVE-2019-6555 1 Hornerautomation 1 Cscape 2019-10-09 6.8
Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.
CVE-2019-6528 1 Psigridconnect 1 Iec104 Security Proxy Firmware 2019-10-09 6.5
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19,...
CVE-2019-6339 2 Drupal, Debian 2 Drupal, Debian Linux 2019-10-09 7.5
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal...
CVE-2019-6155 1 Ibm 4 Bladecenter Hs23 Firmware, System X3530 M4 Firmware, System X3630 M4 Firmware and 1 more 2019-10-09 7.8
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
CVE-2019-5478 1 Xilinx 2 Zynq Ultrascale%2b Mpsoc Firmware, Zynq Ultrascale%2b Rfsoc Firmware 2019-10-09 2.1
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
CVE-2019-5461 1 Gitlab 1 Gitlab 2019-10-09 4.0
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4,...
CVE-2019-5452 1 Nextcloud 1 Nextcloud 2019-10-09 2.1
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
CVE-2019-5451 2019-10-09 2.1
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
CVE-2019-5432 1 Mqtt-packet Project 1 Mqtt-packet 2019-10-09 5.0
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
CVE-2019-5420 3 Rubyonrails, Debian, Fedoraproject 3 Rails, Debian Linux, Fedora 2019-10-09 7.5
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails...
CVE-2019-4402 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.
CVE-2019-4378 1 Ibm 1 Mq 2019-10-09 4.0
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially...
CVE-2019-4285 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request...
CVE-2019-4271 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.