Search Results (323552 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-6974 5 Canonical, Debian, F5 and 2 more 29 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 26 more 2024-11-21 8.1 High
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-6973 2 Genivia, Sricam 16 Gsoap, Nvs001, Sh016 and 13 more 2024-11-21 N/A
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
CVE-2019-6972 1 Tp-link 2 Tl-wr1043nd, Tl-wr1043nd Firmware 2024-11-21 N/A
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).
CVE-2019-6971 1 Tp-link 2 Tl-wr1043nd, Tl-wr1043nd Firmware 2024-11-21 N/A
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.
CVE-2019-6969 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 7.5 High
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).
CVE-2019-6968 1 Dlink 2 Dva-5592, Dva-5592 Firmware 2024-11-21 6.1 Medium
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
CVE-2019-6967 1 Airties 2 Air 5341, Air 5341 Firmware 2024-11-21 N/A
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
CVE-2019-6966 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
CVE-2019-6965 1 I-doit 1 I-doit 2024-11-21 N/A
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVE-2019-6964 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.
CVE-2019-6963 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
CVE-2019-6962 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.
CVE-2019-6961 1 Rdkcentral 1 Rdkb Ccsppandm 2024-11-21 N/A
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
CVE-2019-6960 1 Gitlab 1 Gitlab 2024-11-21 9.8 Critical
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
CVE-2019-6958 1 Bosch 16 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 13 more 2024-11-21 9.1 Critical
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data.
CVE-2019-6957 1 Bosch 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more 2024-11-21 9.8 Critical
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
CVE-2019-6956 2 Audiocoding, Debian 2 Freeware Advanced Audio Decoder 2, Debian Linux 2024-11-21 7.1 High
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVE-2019-6859 1 Schneider-electric 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more 2024-11-21 7.5 High
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
CVE-2019-6858 1 Schneider-electric 1 Msx Configurator 2024-11-21 7.8 High
A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.
CVE-2019-6857 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-11-21 7.5 High
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.