Total: 315274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6286 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. | |||||
| CVE-2019-6285 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
| CVE-2019-6284 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | |||||
| CVE-2019-6283 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | |||||
| CVE-2019-6282 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password. | |||||
| CVE-2019-6279 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password. | |||||
| CVE-2019-6278 | 1 Jpress | 1 Jpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | |||||
| CVE-2019-6275 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-6274 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | |||||
| CVE-2019-6273 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | |||||
| CVE-2019-6272 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-6268 | | | 2024-11-21 | N/A | 7.5 HIGH |
| RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. | |||||
| CVE-2019-6267 | 1 Premiumwpsuite | 1 Easy Redirect Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. | |||||
| CVE-2019-6266 | 1 Cordaware | 1 Bestinformed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | |||||
| CVE-2019-6265 | 1 Cordaware | 1 Bestinformed | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges. | |||||
| CVE-2019-6264 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||||
| CVE-2019-6263 | 1 Joomla | 1 Joomla! | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | |||||
| CVE-2019-6262 | 1 Joomla | 1 Joomla! | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2019-6261 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||||
| CVE-2019-6260 | 2 Aspeedtech, Netapp | 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. | |||||
