Vulnerabilities (CVE)

Total 200753 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6547 1 Deltaww 1 Screeneditor 2022-11-30 4.3 MEDIUM 5.5 MEDIUM
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.
CVE-2019-6546 1 Ge 1 Ge Communicator 2022-11-30 6.8 MEDIUM 7.8 HIGH
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
CVE-2019-3901 3 Debian, Linux, Netapp 11 Debian Linux, Linux Kernel, Active Iq Unified Manager For Vmware Vsphere and 8 more 2022-11-30 1.9 LOW 4.7 MEDIUM
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
CVE-2019-3893 2 Redhat, Theforeman 2 Satellite, Foreman 2022-11-30 4.0 MEDIUM 4.9 MEDIUM
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
CVE-2019-3876 1 Redhat 1 Openshift Container Platform 2022-11-30 4.3 MEDIUM 6.3 MEDIUM
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
CVE-2019-14842 1 Redhat 1 Libnbd 2022-11-30 7.5 HIGH 9.8 CRITICAL
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.
CVE-2019-7304 1 Canonical 2 Snapd, Ubuntu Linux 2022-11-30 10.0 HIGH 9.8 CRITICAL
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-6840 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
CVE-2019-6837 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 6.4 MEDIUM 9.1 CRITICAL
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE-2019-6835 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.
CVE-2019-6811 1 Schneider-electric 4 Modicon Quantum 140noe77101, Modicon Quantum 140noe77101 Firmware, Modicon Quantum 140noe77111 and 1 more 2022-11-30 5.0 MEDIUM 7.5 HIGH
An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.
CVE-2019-6957 1 Bosch 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
CVE-2019-7227 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 4.1 MEDIUM 7.3 HIGH
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
CVE-2019-7228 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7231 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 2.7 LOW 5.7 MEDIUM
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
CVE-2019-7232 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
CVE-2019-7230 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7226 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.
CVE-2019-14824 3 Debian, Fedoraproject, Redhat 3 Debian Linux, 389 Directory Server, Enterprise Linux 2022-11-30 3.5 LOW 6.5 MEDIUM
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
CVE-2019-10222 3 Ceph, Fedoraproject, Redhat 3 Ceph, Fedora, Ceph Storage 2022-11-30 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.