Vulnerabilities (CVE)

Total 200758 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7304 1 Canonical 2 Snapd, Ubuntu Linux 2022-11-30 10.0 HIGH 9.8 CRITICAL
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-6840 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.
CVE-2019-6837 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 6.4 MEDIUM 9.1 CRITICAL
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.
CVE-2019-6835 1 Schneider-electric 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more 2022-11-30 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.
CVE-2019-6811 1 Schneider-electric 4 Modicon Quantum 140noe77101, Modicon Quantum 140noe77101 Firmware, Modicon Quantum 140noe77111 and 1 more 2022-11-30 5.0 MEDIUM 7.5 HIGH
An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.
CVE-2019-6957 1 Bosch 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
CVE-2019-7227 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 4.1 MEDIUM 7.3 HIGH
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
CVE-2019-7228 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7231 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 2.7 LOW 5.7 MEDIUM
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
CVE-2019-7232 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
CVE-2019-7230 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7226 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2022-11-30 5.8 MEDIUM 8.8 HIGH
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.
CVE-2019-14824 3 Debian, Fedoraproject, Redhat 3 Debian Linux, 389 Directory Server, Enterprise Linux 2022-11-30 3.5 LOW 6.5 MEDIUM
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
CVE-2019-10222 3 Ceph, Fedoraproject, Redhat 3 Ceph, Fedora, Ceph Storage 2022-11-30 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
CVE-2022-23044 1 Tiny File Manager Project 1 Tiny File Manager 2022-11-30 N/A 8.8 HIGH
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
CVE-2019-10203 2 Linux, Powerdns 2 Linux Kernel, Authoritative Server 2022-11-30 4.0 MEDIUM 4.3 MEDIUM
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10171 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux Server Eus 2022-11-30 7.8 HIGH 7.5 HIGH
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
CVE-2018-1115 2 Opensuse, Postgresql 2 Leap, Postgresql 2022-11-30 6.4 MEDIUM 9.1 CRITICAL
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVE-2018-16868 1 Gnu 1 Gnutls 2022-11-30 3.3 LOW 5.6 MEDIUM
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
CVE-2022-4091 1 Canteen Management System Project 1 Canteen Management System 2022-11-30 N/A 6.1 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.