Vulnerabilities (CVE)


Total 206216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-4299 | 1: Ibm | 1: Robotic Process Automation With Automation Anywhere | 2023-01-31 | 1.9 LOW | 5.5 MEDIUM | IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. |
| CVE-2019-4298 | 1: Ibm | 1: Robotic Process Automation With Automation Anywhere | 2023-01-31 | 3.6 LOW | 7.1 HIGH | IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. |
| CVE-2019-4310 | 1: Ibm | 1: Security Guardium Big Data Intelligence | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH | IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. |
| CVE-2019-4308 | 1: Ibm | 3: Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2023-01-31 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 161034. |
| CVE-2019-4473 | 1: Ibm | 1: Java | 2023-01-31 | 4.6 MEDIUM | 7.8 HIGH | Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. |
| CVE-2019-5458 | 1: Http-file-server Project | 1: Http-file-server | 2023-01-31 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. |
| CVE-2020-25739 | 3: Canonical, Debian, Gon Project | 3: Ubuntu Linux, Debian Linux, Gon | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. |
| CVE-2020-6574 | 5: Apple, Debian, Fedoraproject and 2 more | 6: Mac Os X, Debian Linux, Fedora and 3 more | 2023-01-31 | 4.6 MEDIUM | 7.8 HIGH | Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. |
| CVE-2019-4420 | 1: Ibm | 3: Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-01-31 | 2.1 LOW | 6.2 MEDIUM | IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. |
| CVE-2019-4419 | 1: Ibm | 3: Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-01-31 | 6.4 MEDIUM | 8.2 HIGH | IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. |
| CVE-2019-7000 | 1: Avaya | 1: Aura Conferencing | 2023-01-31 | 5.8 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. |
| CVE-2020-7991 | 1: Adive | 1: Framework | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH | Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. |
| CVE-2019-6958 | 1: Bosch | 16: Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 13 more | 2023-01-31 | 6.4 MEDIUM | 9.1 CRITICAL | A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding an authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data. |
| CVE-2019-6564 | 1: Ge | 1: Ge Communicator | 2023-01-31 | 6.9 MEDIUM | 7.8 HIGH | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. |
| CVE-2019-6542 | 1: Enttec | 6: Datagate Mk2, Datagate Mk2 Firmware, Pixelator and 3 more | 2023-01-31 | 7.8 HIGH | 7.5 HIGH | ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. |
| CVE-2019-6545 | 1: Aveva | 2: Indusoft Web Studio, Intouch Machine Edition 2014 | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. |
| CVE-2019-17361 | 4: Canonical, Debian, Opensuse and 1 more | 4: Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-01-31 | 6.8 MEDIUM | 9.8 CRITICAL | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. |
| CVE-2019-6534 | 1: Gemalto | 1: Sentinel Ultrapro Client Library | 2023-01-31 | 6.8 MEDIUM | 7.8 HIGH | The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. |
| CVE-2019-6533 | 1: Kunbus | 2: Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2023-01-31 | 6.4 MEDIUM | 9.1 CRITICAL | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). |
| CVE-2019-6535 | 1: Mitsubishielectric | 36: Q03udecpu, Q03udecpu Firmware, Q03udvcpu and 33 more | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH | Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash. |