Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6191 | 1 Lenovo | 1 Paper | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | |||||
| CVE-2019-6222 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | |||||
| CVE-2019-6223 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer. | |||||
| CVE-2019-6239 | 1 Apple | 1 Mac Os X | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2019-6241 | 1 Bevywise | 1 Mqttroute | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker. | |||||
| CVE-2019-6489 | 1 Lexmark | 80 6500e, 6500e Firmware, Cx310 and 77 more | 2020-08-24 | 6.4 MEDIUM | 5.3 MEDIUM |
| Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. | |||||
| CVE-2019-6251 | 6 Canonical, Fedoraproject, Gnome and 3 more | 6 Ubuntu Linux, Fedora, Epiphany and 3 more | 2020-08-24 | 5.8 MEDIUM | 8.1 HIGH |
| WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | |||||
| CVE-2019-6260 | 2 Aspeedtech, Netapp | 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. | |||||
| CVE-2019-6265 | 1 Cordaware | 1 Bestinformed | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 is affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges. | |||||
| CVE-2019-6328 | 1 Hp | 1 Support Assistant | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. | |||||
| CVE-2019-6329 | 1 Hp | 1 Support Assistant | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. | |||||
| CVE-2019-6330 | 1 Hp | 1 Access Control | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | |||||
| CVE-2019-6334 | 1 Hp | 730 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 727 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | |||||
| CVE-2019-6335 | 1 Hp | 8 Samsung C480, Samsung C480 Firmware, Samsung Clp680 and 5 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service. | |||||
| CVE-2019-6337 | 1 Hp | 82 2dr21d, 2dr21d Firmware, D3q15a and 79 more | 2020-08-24 | 3.3 LOW | 5.2 MEDIUM |
| For the printers listed, a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. | |||||
| CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | |||||
| CVE-2019-6438 | 2 Opensuse, Schedmd | 2 Leap, Slurm | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | |||||
| CVE-2019-6494 | 1 Iobit | 1 Malware Fighter | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls. | |||||
| CVE-2019-6515 | 1 Wso2 | 1 Api Manager | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user. | |||||
| CVE-2019-2453 | 1 Oracle | 1 E-business Suite | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Performance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Performance Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
