Export limit exceeded: 76035 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76035 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6201 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | ||||
| CVE-2019-6191 | 1 Lenovo | 1 Paper | 2024-11-21 | 7.8 High |
| A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | ||||
| CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.8 High |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | ||||
| CVE-2019-6186 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 8.8 High |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | ||||
| CVE-2019-6184 | 1 Lenovo | 1 Customer Engagement Service | 2024-11-21 | 7.8 High |
| A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | ||||
| CVE-2019-6183 | 1 Lenovo | 1 Energy Management | 2024-11-21 | 7.5 High |
| A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected. | ||||
| CVE-2019-6179 | 1 Lenovo | 2 Xclarity Administrator, Xclarity Integrator | 2024-11-21 | 7.5 High |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | ||||
| CVE-2019-6176 | 1 Lenovo | 2 Thinkpad Usb-c Dock, Thinkpad Usb-c Dock Firmware | 2024-11-21 | 7.5 High |
| A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | ||||
| CVE-2019-6175 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.5 High |
| A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | ||||
| CVE-2019-6169 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | ||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | ||||
| CVE-2019-6165 | 1 Lenovo | 4 Yoga 700-11isk, Yoga 700-11isk Firmware, Yoga 700-14isk and 1 more | 2024-11-21 | 7.8 High |
| A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features. | ||||
| CVE-2019-6161 | 1 Lenovo | 2 Cp Storage Block, Cp Storage Block Firmware | 2024-11-21 | 7.5 High |
| An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | ||||
| CVE-2019-6128 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | 8.8 High |
| The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | ||||
| CVE-2019-6120 | 1 Nicehash | 1 Miner | 2024-11-21 | 7.5 High |
| An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. | ||||
| CVE-2019-6116 | 6 Artifex, Canonical, Debian and 3 more | 12 Ghostscript, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | 7.8 High |
| In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | ||||
| CVE-2019-6032 | 1 Ntv | 1 News 24 | 2024-11-21 | 7.4 High |
| The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||