Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6654 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | |||||
| CVE-2019-6555 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code. | |||||
| CVE-2019-6529 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166). | |||||
| CVE-2019-6339 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. | |||||
| CVE-2019-6238 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution. | |||||
| CVE-2019-6219 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2019-5976 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | |||||
| CVE-2019-5931 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 8.7 HIGH |
| Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. | |||||
| CVE-2019-5864 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2019-5862 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5858 | 2 Apple, Google | 2 Macos, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-5856 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5852 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-5839 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | |||||
| CVE-2019-5819 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | |||||
| CVE-2019-5803 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5800 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5799 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||