ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-6000 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware ... | E | |
CVE-2019-6001 | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware ... | E | |
CVE-2019-6002 | Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inje... | | |
CVE-2019-6003 | Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and... | | |
CVE-2019-6004 | Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Ma... | | |
CVE-2019-6005 | Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to ... | | |
CVE-2019-6007 | Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial ... | | |
CVE-2019-6008 | An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 - ... | | |
CVE-2019-6009 | Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect user... | S | |
CVE-2019-6010 | Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remot... | | |
CVE-2019-6011 | Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote att... | | |
CVE-2019-6012 | SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authen... | | |
CVE-2019-6013 | DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS comma... | | |
CVE-2019-6014 | DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web ... | | |
CVE-2019-6015 | FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlie... | | |
CVE-2019-6016 | Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and... | | |
CVE-2019-6017 | REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Di... | | |
CVE-2019-6018 | Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote att... | | |
CVE-2019-6019 | Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to ... | | |
CVE-2019-6020 | Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS ... | | |
CVE-2019-6021 | Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows rem... | | |
CVE-2019-6022 | Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated atta... | | |
CVE-2019-6023 | Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction wh... | | |
CVE-2019-6024 | Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an ... | | |
CVE-2019-6025 | Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movabl... | | |
CVE-2019-6026 | Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and ... | | |
CVE-2019-6027 | Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote at... | | |
CVE-2019-6029 | Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to... | | |
CVE-2019-6030 | Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote... | | |
CVE-2019-6031 | Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac versio... | | |
CVE-2019-6032 | The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows ... | | |
CVE-2019-6033 | Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9... | | |
CVE-2019-6034 | a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2... | | |
CVE-2019-6035 | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users ... | S | |
CVE-2019-6036 | Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allow... | | |
CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a... | S | |
CVE-2019-6110 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious... | E S | |
CVE-2019-6111 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, t... | E S | |
CVE-2019-6112 | A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 ... | S | |
CVE-2019-6113 | Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows ... | | |
CVE-2019-6114 | An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsi... | E | |
CVE-2019-6116 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system op... | E S | |
CVE-2019-6117 | The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategor... | E | |
CVE-2019-6120 | An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet... | E | |
CVE-2019-6121 | An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary ... | E | |
CVE-2019-6122 | A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 becau... | E | |
CVE-2019-6126 | The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers t... | | |
CVE-2019-6127 | An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL inject... | E | |
CVE-2019-6128 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rg... | E S | |
CVE-2019-6129 | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: ... | E | |
CVE-2019-6130 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonst... | E | |
CVE-2019-6131 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbo... | E | |
CVE-2019-6132 | An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::Creat... | E | |
CVE-2019-6133 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork(... | S | |
CVE-2019-6135 | An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory... | E | |
CVE-2019-6136 | An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethe... | E | |
CVE-2019-6137 | An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NUL... | E | |
CVE-2019-6138 | An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_mem... | E | |
CVE-2019-6139 | Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerabilit... | | |
CVE-2019-6140 | A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product ... | | |
CVE-2019-6141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2019-6142 | It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It i... | | |
CVE-2019-6143 | Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.... | | |
CVE-2019-6144 | This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions... | S | |
CVE-2019-6145 | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerabili... | E | |
CVE-2019-6146 | It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version... | | |
CVE-2019-6147 | Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare iss... | | |
CVE-2019-6148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2019-6149 | An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior... | S | |
CVE-2019-6150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-6151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-6152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-6153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-6154 | A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019... | S | |
CVE-2019-6155 | A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM... | | |
CVE-2019-6156 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this prov... | S | |
CVE-2019-6157 | In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first ... | S | |
CVE-2019-6158 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy cre... | S | |
CVE-2019-6159 | A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy ... | S | |
CVE-2019-6160 | A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthentica... | S | |
CVE-2019-6161 | An internal product security audit discovered a session handling vulnerability in the web interface ... | S | |
CVE-2019-6162 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-6163 | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that... | S | |
CVE-2019-6164 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-6165 | A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that cou... | S | |
CVE-2019-6166 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site requ... | S | |
CVE-2019-6167 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code exe... | S | |
CVE-2019-6168 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code exe... | S | |
CVE-2019-6169 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted dow... | S | |
CVE-2019-6170 | A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot serv... | S | |
CVE-2019-6171 | A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a u... | S | |
CVE-2019-6172 | A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parame... | S | |
CVE-2019-6173 | A DLL search path vulnerability could allow privilege escalation in some Lenovo installation package... | S | |
CVE-2019-6174 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-6175 | System Update Vulnerability | S | |
CVE-2019-6176 | A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial ... | S | |
CVE-2019-6177 | A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, ... | S | |
CVE-2019-6178 | An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of ... | S | |
CVE-2019-6179 | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator ... | S | |
CVE-2019-6180 | A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXC... | S | |
CVE-2019-6181 | A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (... | S | |
CVE-2019-6182 | A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions p... | S | |
CVE-2019-6183 | A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 1... | S | |
CVE-2019-6184 | A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2... | S | |
CVE-2019-6185 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-6186 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18... | S | |
CVE-2019-6187 | A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could all... | S | |
CVE-2019-6188 | ThinkPad T460p and T470p BIOS Tamper Mechanism | S | |
CVE-2019-6189 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18... | S | |
CVE-2019-6190 | Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BI... | S | |
CVE-2019-6191 | A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local ... | S | |
CVE-2019-6192 | A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67... | E S | |
CVE-2019-6193 | An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) version... | S | |
CVE-2019-6194 | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator ... | S | |
CVE-2019-6195 | An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3... | S | |
CVE-2019-6196 | A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could ... | S | |
CVE-2019-6197 | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a l... | S | |
CVE-2019-6198 | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a l... | S | |
CVE-2019-6200 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.... | | |
CVE-2019-6201 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6202 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3... | | |
CVE-2019-6203 | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS M... | | |
CVE-2019-6204 | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. ... | | |
CVE-2019-6205 | A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iO... | E | |
CVE-2019-6206 | An issue existed with autofill resuming after it was canceled. The issue was addressed with improved... | | |
CVE-2019-6207 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ... | | |
CVE-2019-6208 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO... | E | |
CVE-2019-6209 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ... | E | |
CVE-2019-6210 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | | |
CVE-2019-6211 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | | |
CVE-2019-6212 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6213 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, ma... | E | |
CVE-2019-6214 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.... | E | |
CVE-2019-6215 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.... | E | |
CVE-2019-6216 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6217 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6218 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | E | |
CVE-2019-6219 | A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3,... | | |
CVE-2019-6220 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Moj... | | |
CVE-2019-6221 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3... | | |
CVE-2019-6222 | A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A w... | | |
CVE-2019-6223 | A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved... | KEV | |
CVE-2019-6224 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1... | E | |
CVE-2019-6225 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3,... | E | |
CVE-2019-6226 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6227 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12... | | |
CVE-2019-6228 | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validatio... | | |
CVE-2019-6229 | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2... | | |
CVE-2019-6230 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO... | | |
CVE-2019-6231 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3... | | |
CVE-2019-6232 | A race condition existed during the installation of iTunes for Windows. This was addressed with impr... | | |
CVE-2019-6233 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12... | | |
CVE-2019-6234 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12... | | |
CVE-2019-6235 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3,... | | |
CVE-2019-6236 | A race condition existed during the installation of iCloud for Windows. This was addressed with impr... | | |
CVE-2019-6237 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed ... | | |
CVE-2019-6238 | A validation issue existed in the handling of symlinks. This issue was addressed with improved valid... | | |
CVE-2019-6239 | This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojav... | | |
CVE-2019-6240 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory ... | | |
CVE-2019-6241 | In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe req... | E | |
CVE-2019-6242 | Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to t... | E | |
CVE-2019-6243 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).... | E | |
CVE-2019-6244 | An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that ... | E | |
CVE-2019-6245 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the ... | E S | |
CVE-2019-6246 | An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Gen... | E S | |
CVE-2019-6247 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-... | E S | |
CVE-2019-6248 | PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the src... | | |
CVE-2019-6249 | An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin accoun... | E | |
CVE-2019-6250 | A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x b... | E S | |
CVE-2019-6251 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain... | E S | |
CVE-2019-6256 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555... | E | |
CVE-2019-6257 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious... | S | |
CVE-2019-6258 | D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long Ma... | E S | |
CVE-2019-6259 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/artic... | E | |
CVE-2019-6260 | The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement ... | S | |
CVE-2019-6261 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a store... | | |
CVE-2019-6262 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpu... | | |
CVE-2019-6263 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text ... | E | |
CVE-2019-6264 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a store... | | |
CVE-2019-6265 | The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versio... | M | |
CVE-2019-6266 | Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certifica... | M | |
CVE-2019-6267 | The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET r... | E | |
CVE-2019-6268 | RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginnin... | | |
CVE-2019-6272 | Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 al... | E | |
CVE-2019-6273 | download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to downlo... | E | |
CVE-2019-6274 | Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.2... | E | |
CVE-2019-6275 | Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27... | E | |
CVE-2019-6278 | XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.... | E | |
CVE-2019-6279 | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Ac... | E | |
CVE-2019-6282 | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cg... | E | |
CVE-2019-6283 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelex... | E | |
CVE-2019-6284 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.h... | E | |
CVE-2019-6285 | The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote a... | E | |
CVE-2019-6286 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelex... | E | |
CVE-2019-6287 | In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and d... | | |
CVE-2019-6288 | Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 H... | E | |
CVE-2019-6289 | uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute ar... | | |
CVE-2019-6290 | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. Th... | E | |
CVE-2019-6291 | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02.... | E | |
CVE-2019-6292 | An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion... | E | |
CVE-2019-6293 | An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a ... | E | |
CVE-2019-6294 | An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/nav... | E | |
CVE-2019-6295 | Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.... | E | |
CVE-2019-6296 | Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.... | E | |
CVE-2019-6318 | HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP O... | | |
CVE-2019-6319 | HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3... | | |
CVE-2019-6320 | Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B... | | |
CVE-2019-6321 | HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) wh... | S | |
CVE-2019-6322 | HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) wh... | S | |
CVE-2019-6323 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro M... | | |
CVE-2019-6324 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro M... | | |
CVE-2019-6325 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro M... | | |
CVE-2019-6326 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro M... | | |
CVE-2019-6327 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro M... | | |
CVE-2019-6328 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthoriz... | | |
CVE-2019-6329 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthoriz... | | |
CVE-2019-6330 | A potential security vulnerability has been identified in the software solution HP Access Control ve... | | |
CVE-2019-6331 | An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential securit... | | |
CVE-2019-6332 | A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerab... | | |
CVE-2019-6333 | A potential security vulnerability has been identified with certain versions of HP Touchpoint Analyt... | | |
CVE-2019-6334 | HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check ... | | |
CVE-2019-6335 | A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerabili... | | |
CVE-2019-6337 | For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to a... | | |
CVE-2019-6338 | third-party PEAR Archive_Tar library updates | S | |
CVE-2019-6339 | PHAR stream wrapper Arbitrary PHP code execution | S | |
CVE-2019-6340 | Drupal core - Highly critical - Remote Code Execution | KEV E S | |
CVE-2019-6341 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 | S | |
CVE-2019-6342 | Drupal core - Critical - Access bypass - SA-CORE-2019-008 | | |
CVE-2019-6438 | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.... | | |
CVE-2019-6439 | examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer... | S | |
CVE-2019-6440 | Zemana AntiMalware before 3.0.658 Beta mishandles update logic.... | | |
CVE-2019-6441 | An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM330... | E | |
CVE-2019-6442 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of ... | E | |
CVE-2019-6443 | An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-ba... | E | |
CVE-2019-6444 | An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based... | E | |
CVE-2019-6445 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer d... | E | |
CVE-2019-6446 | An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, whic... | E | |
CVE-2019-6447 | The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers ... | E | |
CVE-2019-6451 | On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.... | E | |
CVE-2019-6452 | Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test... | E | |
CVE-2019-6453 | mIRC before 7.55 allows remote command execution by using argument injection through custom URI prot... | E | |
CVE-2019-6454 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje... | E S | |
CVE-2019-6455 | An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset... | E | |
CVE-2019-6456 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec... | E | |
CVE-2019-6457 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-... | E | |
CVE-2019-6458 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when... | E | |
CVE-2019-6459 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils... | E | |
CVE-2019-6460 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec... | E | |
CVE-2019-6461 | An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in... | E | |
CVE-2019-6462 | An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normal... | | |
CVE-2019-6465 | Zone transfer controls for writable DLZ zones were not effective | S | |
CVE-2019-6466 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2019-6467 | An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c | S | |
CVE-2019-6468 | BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used | S | |
CVE-2019-6469 | BIND Supported Preview Edition can exit with an assertion failure if ECS is in use | S | |
CVE-2019-6470 | dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries | E | |
CVE-2019-6471 | A race condition when discarding malformed packets can cause BIND to exit with an assertion failure | S | |
CVE-2019-6472 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate | S | |
CVE-2019-6473 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate | S | |
CVE-2019-6474 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate | S | |
CVE-2019-6475 | A flaw in mirror zone validity checking can allow zone data to be spoofed | S | |
CVE-2019-6476 | An error in QNAME minimization code can cause BIND to exit with an assertion failure | S | |
CVE-2019-6477 | TCP-pipelined queries can bypass tcp-clients limit | S | |
CVE-2019-6478 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2019-6479 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2019-6481 | Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using ... | E | |
CVE-2019-6485 | Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 1... | S | |
CVE-2019-6486 | Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows a... | S | |
CVE-2019-6487 | TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command inj... | E | |
CVE-2019-6488 | The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32... | | |
CVE-2019-6489 | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to... | | |
CVE-2019-6491 | RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.... | E | |
CVE-2019-6492 | SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is al... | E | |
CVE-2019-6493 | SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is al... | E | |
CVE-2019-6494 | IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E00... | E | |
CVE-2019-6496 | The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W88... | E | |
CVE-2019-6497 | Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username paramete... | E | |
CVE-2019-6498 | GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy ... | E | |
CVE-2019-6499 | Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for t... | | |
CVE-2019-6500 | In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exp... | E | |
CVE-2019-6501 | In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read... | E S | |
CVE-2019-6502 | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a cal... | E | |
CVE-2019-6503 | There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute command... | E | |
CVE-2019-6504 | Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automati... | | |
CVE-2019-6506 | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injecti... | | |
CVE-2019-6507 | An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app... | E | |
CVE-2019-6508 | An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/... | E | |
CVE-2019-6509 | An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/adm... | E | |
CVE-2019-6510 | An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin... | E | |
CVE-2019-6512 | An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perfor... | | |
CVE-2019-6513 | An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as... | | |
CVE-2019-6514 | An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payloa... | S | |
CVE-2019-6515 | An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are avai... | S | |
CVE-2019-6516 | An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to p... | | |
CVE-2019-6517 | BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Release... | | |
CVE-2019-6518 | Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by some... | | |
CVE-2019-6519 | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a pos... | | |
CVE-2019-6520 | Moxa IKS and EDS do not properly check authority on server side, which results in a read-only user... | | |
CVE-2019-6521 | WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypas... | | |
CVE-2019-6522 | Moxa IKS and EDS fail to properly check array bounds, which may allow an attacker to read device mem... | | |
CVE-2019-6523 | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.... | | |
CVE-2019-6524 | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication atte... | | |
CVE-2019-6525 | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for ... | | |
CVE-2019-6526 | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A serie... | | |
CVE-2019-6527 | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an a... | M | |
CVE-2019-6528 | PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy ve... | | |
CVE-2019-6529 | An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versio... | | |
CVE-2019-6530 | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by ... | | |
CVE-2019-6531 | An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway... | | |
CVE-2019-6532 | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by ... | S | |
CVE-2019-6533 | Registers used to store Modbus values can be read and written from the web interface without authent... | M | |
CVE-2019-6534 | The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w... | S | |
CVE-2019-6535 | Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: seria... | | |
CVE-2019-6536 | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past th... | | |
CVE-2019-6537 | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior m... | S | |
CVE-2019-6538 | Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control | S | |
CVE-2019-6539 | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior hav... | S | |
CVE-2019-6540 | Medtronic Conexus Radio Frequency Telemetry Protocol Cleartext Transmission of Sensitive Information | S | |
CVE-2019-6541 | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior,... | S | |
CVE-2019-6542 | ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_0... | | |
CVE-2019-6543 | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTo... | E | |
CVE-2019-6544 | GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that ma... | M | |
CVE-2019-6545 | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTo... | E M | |
CVE-2019-6546 | GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within t... | M | |
CVE-2019-6547 | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bound... | S | |
CVE-2019-6548 | GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded creden... | M | |
CVE-2019-6549 | An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway ve... | M | |
CVE-2019-6550 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabil... | | |
CVE-2019-6551 | Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user... | | |
CVE-2019-6552 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, cau... | | |
CVE-2019-6553 | A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input... | | |
CVE-2019-6554 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may al... | | |
CVE-2019-6555 | Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processin... | | |
CVE-2019-6556 | When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Compo... | M | |
CVE-2019-6557 | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow re... | | |
CVE-2019-6558 | In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro... | | |
CVE-2019-6559 | Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially craft... | | |
CVE-2019-6560 | In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro... | | |
CVE-2019-6561 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the executio... | | |
CVE-2019-6562 | In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes use... | | |
CVE-2019-6563 | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to ... | | |
CVE-2019-6564 | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious ... | M | |
CVE-2019-6565 | Moxa IKS and EDS fail to properly validate user input, giving unauthenticated and authenticated att... | | |
CVE-2019-6566 | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the unin... | M | |
CVE-2019-6567 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All... | S | |
CVE-2019-6568 | The webserver of the affected devices contains a vulnerability that may lead to a denial of service... | | |
CVE-2019-6569 | The monitor barrier of the affected products insufficiently blocks data from being forwarded over th... | S | |
CVE-2019-6570 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to in... | S | |
CVE-2019-6571 | A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware ... | S | |
CVE-2019-6572 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Upd... | | |
CVE-2019-6574 | A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR... | | |
CVE-2019-6575 | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open... | | |
CVE-2019-6576 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Upd... | | |
CVE-2019-6577 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Upd... | | |
CVE-2019-6578 | A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR... | | |
CVE-2019-6579 | A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with n... | M | |
CVE-2019-6580 | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance ... | S | |
CVE-2019-6581 | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance ... | S | |
CVE-2019-6582 | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance ... | S | |
CVE-2019-6584 | A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware ... | S | |
CVE-2019-6585 | A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61... | | |
CVE-2019-6588 | In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custo... | | |
CVE-2019-6589 | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross ... | | |
CVE-2019-6590 | On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume... | M | |
CVE-2019-6591 | On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site ... | M | |
CVE-2019-6592 | On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates ... | | |
CVE-2019-6593 | On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile m... | | |
CVE-2019-6594 | On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path T... | | |
CVE-2019-6595 | Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x ... | | |
CVE-2019-6596 | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when... | | |
CVE-2019-6597 | In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager ... | | |
CVE-2019-6598 | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or En... | | |
CVE-2019-6599 | In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values... | | |
CVE-2019-6600 | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when... | | |
CVE-2019-6601 | In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration M... | | |
CVE-2019-6602 | In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best ... | | |
CVE-2019-6603 | In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent... | | |
CVE-2019-6604 | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under... | | |
CVE-2019-6605 | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by a... | | |
CVE-2019-6606 | On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing ce... | | |
CVE-2019-6607 | On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, the... | | |
CVE-2019-6608 | On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditio... | | |
CVE-2019-6609 | Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-I... | | |
CVE-2019-6610 | On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5... | | |
CVE-2019-6611 | When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are ... | | |
CVE-2019-6612 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS q... | | |
CVE-2019-6613 | On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensit... | | |
CVE-2019-6614 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbi... | | |
CVE-2019-6615 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Admin... | | |
CVE-2019-6616 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, admin... | | |
CVE-2019-6617 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a use... | | |
CVE-2019-6618 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users... | | |
CVE-2019-6619 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (T... | | |
CVE-2019-6620 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and ... | | |
CVE-2019-6621 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 1... | | |
CVE-2019-6622 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an ... | | |
CVE-2019-6623 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic ... | | |
CVE-2019-6624 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traff... | | |
CVE-2019-6625 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a ref... | | |
CVE-2019-6626 | On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, an... | | |
CVE-2019-6627 | On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM... | | |
CVE-2019-6628 | On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may ter... | | |
CVE-2019-6629 | On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL ... | | |
CVE-2019-6630 | On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM t... | | |
CVE-2019-6631 | On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to ser... | | |
CVE-2019-6632 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circum... | | |
CVE-2019-6633 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, whe... | | |
CVE-2019-6634 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of mal... | | |
CVE-2019-6635 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.... | | |
CVE-2019-6636 | On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11... | | |
CVE-2019-6637 | On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application lo... | | |
CVE-2019-6638 | On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, malformed HTTP requests made to an undisclosed iContr... | | |
CVE-2019-6639 | On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3... | | |
CVE-2019-6640 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.... | | |
CVE-2019-6641 | On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The atta... | | |
CVE-2019-6642 | In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0... | | |
CVE-2019-6643 | On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an ... | | |
CVE-2019-6644 | Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.... | | |
CVE-2019-6645 | On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing throug... | | |
CVE-2019-6646 | On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able t... | | |
CVE-2019-6647 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when proc... | | |
CVE-2019-6648 | On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and ... | | |
CVE-2019-6649 | F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4,... | | |
CVE-2019-6650 | F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.... | | |
CVE-2019-6651 | In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4,... | | |
CVE-2019-6652 | In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any fo... | M | |
CVE-2019-6653 | There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0... | | |
CVE-2019-6654 | On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails ... | | |
CVE-2019-6655 | On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms whe... | M | |
CVE-2019-6656 | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the ... | | |
CVE-2019-6657 | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS... | | |
CVE-2019-6658 | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in t... | | |
CVE-2019-6659 | On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of s... | | |
CVE-2019-6660 | On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume exc... | | |
CVE-2019-6661 | When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5... | | |
CVE-2019-6662 | On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote lo... | | |
CVE-2019-6663 | The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-... | | |
CVE-2019-6664 | On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the managemen... | | |
CVE-2019-6665 | On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2... | | |
CVE-2019-6666 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may ... | | |
CVE-2019-6667 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.... | | |
CVE-2019-6668 | The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-... | | |
CVE-2019-6669 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11... | | |
CVE-2019-6670 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11... | | |
CVE-2019-6671 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions... | | |
CVE-2019-6672 | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configu... | | |
CVE-2019-6673 | On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode... | | |
CVE-2019-6674 | On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a... | | |
CVE-2019-6675 | BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authen... | | |
CVE-2019-6676 | On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual E... | | |
CVE-2019-6677 | On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, ... | | |
CVE-2019-6678 | On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM proce... | | |
CVE-2019-6679 | On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12... | | |
CVE-2019-6680 | On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and ... | | |
CVE-2019-6681 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5... | | |
CVE-2019-6682 | On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, t... | | |
CVE-2019-6683 | On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.... | | |
CVE-2019-6684 | On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, u... | | |
CVE-2019-6685 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, ... | | |
CVE-2019-6686 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Manag... | | |
CVE-2019-6687 | On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verifica... | | |
CVE-2019-6688 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, ... | | |
CVE-2019-6689 | An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Ci... | | |
CVE-2019-6690 | python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext tha... | | |
CVE-2019-6691 | phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[... | E | |
CVE-2019-6692 | A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a p... | | |
CVE-2019-6693 | Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file ... | M | |
CVE-2019-6695 | Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0,... | M | |
CVE-2019-6696 | An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 unde... | | |
CVE-2019-6697 | An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6... | S | |
CVE-2019-6698 | Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an u... | | |
CVE-2019-6699 | An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow a... | | |
CVE-2019-6700 | An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2... | | |
CVE-2019-6702 | The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE ... | | |
CVE-2019-6703 | Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin t... | E | |
CVE-2019-6706 | Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be a... | E S | |
CVE-2019-6707 | PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.... | E | |
CVE-2019-6708 | PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.... | E | |
CVE-2019-6710 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.... | E | |
CVE-2019-6713 | app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute a... | | |
CVE-2019-6714 | An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion... | E | |
CVE-2019-6715 | pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read ... | E | |
CVE-2019-6716 | An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Acc... | E | |
CVE-2019-6719 | An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in... | E | |
CVE-2019-6724 | The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, an... | E | |
CVE-2019-6725 | The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AA... | | |
CVE-2019-6726 | The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrar... | E | |
CVE-2019-6727 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6728 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6729 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6730 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6731 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6732 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6733 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6734 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6735 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6736 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6737 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6738 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6739 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6740 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6741 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6742 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6743 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2019-6744 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2019-6745 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12828. Reason: This candidat... | R | |
CVE-2019-6746 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6747 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6748 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6749 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6750 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6751 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6752 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6753 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6754 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6755 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6756 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6757 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6758 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6759 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6760 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6761 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6762 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6763 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6764 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6765 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6766 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6767 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6768 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6769 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2019-6770 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6771 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6772 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2019-6773 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | | |
CVE-2019-6774 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2019-6775 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2019-6776 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2019-6777 | An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugi... | E S | |
CVE-2019-6778 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.... | S | |
CVE-2019-6779 | Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.... | E | |
CVE-2019-6780 | The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/po... | E S | |
CVE-2019-6781 | An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before ... | | |
CVE-2019-6782 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6783 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6784 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6785 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6786 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6787 | An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 1... | | |
CVE-2019-6788 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6789 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6790 | An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise E... | | |
CVE-2019-6791 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | | |
CVE-2019-6792 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6793 | An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x... | E | |
CVE-2019-6794 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6795 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | E | |
CVE-2019-6796 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6... | | |
CVE-2019-6797 | An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x be... | | |
CVE-2019-6798 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially c... | | |
CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration sett... | S | |
CVE-2019-6800 | In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates ... | E | |
CVE-2019-6802 | CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and poss... | E | |
CVE-2019-6803 | typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outlin... | E | |
CVE-2019-6804 | An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related... | E | |
CVE-2019-6805 | SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.... | E | |
CVE-2019-6806 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M3... | E M | |
CVE-2019-6807 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E M | |
CVE-2019-6808 | A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon... | E M | |
CVE-2019-6809 | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90... | | |
CVE-2019-6810 | CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (a... | | |
CVE-2019-6811 | An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Qu... | | |
CVE-2019-6812 | A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions ... | | |
CVE-2019-6813 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H ... | | |
CVE-2019-6814 | A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior t... | | |
CVE-2019-6815 | In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulne... | | |
CVE-2019-6816 | In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unau... | | |
CVE-2019-6819 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cau... | | |
CVE-2019-6820 | A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a mod... | | |
CVE-2019-6821 | CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the T... | S | |
CVE-2019-6822 | A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause ... | | |
CVE-2019-6823 | A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) whic... | | |
CVE-2019-6824 | A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) whic... | | |
CVE-2019-6825 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to ... | | |
CVE-2019-6826 | A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions,... | | |
CVE-2019-6827 | A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Ve... | | |
CVE-2019-6828 | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), M... | | |
CVE-2019-6829 | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90)... | | |
CVE-2019-6830 | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, whic... | | |
CVE-2019-6831 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H ... | | |
CVE-2019-6832 | A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser fo... | | |
CVE-2019-6833 | A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI... | | |
CVE-2019-6834 | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to e... | | |
CVE-2019-6835 | A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion... | | |
CVE-2019-6836 | A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion ... | | |
CVE-2019-6837 | A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 ... | | |
CVE-2019-6838 | A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion ... | | |
CVE-2019-6839 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (... | | |
CVE-2019-6840 | A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server... | | |
CVE-2019-6841 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with fir... | | |
CVE-2019-6842 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon... | | |
CVE-2019-6843 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with fir... | | |
CVE-2019-6844 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon... | | |
CVE-2019-6845 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Mod... | | |
CVE-2019-6846 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Mod... | | |
CVE-2019-6847 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon... | | |
CVE-2019-6848 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BME... | | |
CVE-2019-6849 | A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modic... | | |
CVE-2019-6850 | A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modic... | | |
CVE-2019-6851 | A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M34... | | |
CVE-2019-6852 | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communi... | | |
CVE-2019-6853 | A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9... | | |
CVE-2019-6854 | A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Exp... | | |
CVE-2019-6855 | Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14... | | |
CVE-2019-6856 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2019-6857 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2019-6858 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Versio... | | |
CVE-2019-6859 | A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of... | | |
CVE-2019-6956 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read... | E S | |
CVE-2019-6957 | Buffer Overflow for Bosch Video Systems, PSIM and Access Control Systems | S | |
CVE-2019-6958 | Improper Access Control for Bosch Video Systems, PSIM and Access Control Systems | S | |
CVE-2019-6960 | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8... | E | |
CVE-2019-6961 | Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows ... | | |
CVE-2019-6962 | A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows a... | | |
CVE-2019-6963 | A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may al... | | |
CVE-2019-6964 | A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the R... | | |
CVE-2019-6965 | An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.... | | |
CVE-2019-6966 | An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an a... | E | |
CVE-2019-6967 | AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.... | E | |
CVE-2019-6968 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters ... | E | |
CVE-2019-6969 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that all... | E | |
CVE-2019-6970 | Moodle 3.5.x before 3.5.4 allows SSRF.... | | |
CVE-2019-6971 | An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP ... | E | |
CVE-2019-6972 | An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and... | E | |
CVE-2019-6973 | Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests bec... | E | |
CVE-2019-6974 | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles referen... | E S | |
CVE-2019-6975 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory... | S | |
CVE-2019-6976 | libvips before 8.7.4 generates output images from uninitialized memory locations when processing cor... | S | |
CVE-2019-6977 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the i... | E S | |
CVE-2019-6978 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif... | S | |
CVE-2019-6979 | An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. The... | E S | |
CVE-2019-6980 | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in th... | | |
CVE-2019-6981 | Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.... | | |
CVE-2019-6982 | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. ... | | |
CVE-2019-6983 | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. ... | | |
CVE-2019-6984 | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. ... | | |
CVE-2019-6985 | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. ... | | |
CVE-2019-6986 | SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the ... | E S | |
CVE-2019-6988 | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (... | E | |
CVE-2019-6989 | TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking... | E | |
CVE-2019-6990 | A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing... | E S | |
CVE-2019-6991 | A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu ... | E S | |
CVE-2019-6992 | A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, al... | E S | |
CVE-2019-6995 | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 1... | E | |
CVE-2019-6996 | An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8,... | | |
CVE-2019-6997 | An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x ... | E | |
CVE-2019-6999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |