Search Results (83397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-6835 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2024-11-21 5.4 Medium
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.
CVE-2019-6831 1 Schneider-electric 2 Bmxnor0200h, Bmxnor0200h Firmware 2024-11-21 8.6 High
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.
CVE-2019-6830 1 Schneider-electric 2 Modicon M580, Modicon M580 Firmware 2024-11-21 5.9 Medium
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
CVE-2019-6828 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
CVE-2019-6827 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.
CVE-2019-6813 1 Schneider-electric 4 Bmxnor0200h, Bmxnor0200h Firmware, Modicon M340 and 1 more 2024-11-21 7.5 High
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
CVE-2019-6812 1 Schneider-electric 2 Bmx-nor-0200h, Bmx-nor-0200h Firmware 2024-11-21 7.2 High
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.
CVE-2019-6811 1 Schneider-electric 4 Modicon Quantum 140noe77101, Modicon Quantum 140noe77101 Firmware, Modicon Quantum 140noe77111 and 1 more 2024-11-21 7.5 High
An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.
CVE-2019-6809 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
CVE-2019-6807 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
CVE-2019-6804 1 Pagerduty 1 Rundeck 2024-11-21 N/A
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
CVE-2019-6803 1 Typora 1 Typora 2024-11-21 N/A
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
CVE-2019-6802 1 Python 1 Pypiserver 2024-11-21 N/A
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
CVE-2019-6800 1 Titanhq 1 Spamtitan 2024-11-21 N/A
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
CVE-2019-6796 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
CVE-2019-6784 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.
CVE-2019-6778 5 Canonical, Fedoraproject, Opensuse and 2 more 7 Ubuntu Linux, Fedora, Leap and 4 more 2024-11-21 N/A
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-6777 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
CVE-2019-6764 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2024-11-21 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972.
CVE-2019-6760 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2024-11-21 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694.