Export limit exceeded: 359669 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359669 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10974 | 1 Nrel | 1 Energyplus | 2024-11-21 | 5.5 Medium |
| NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code. | ||||
| CVE-2019-10973 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | N/A |
| Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. | ||||
| CVE-2019-10972 | 1 Mitsubishielectric | 1 Electric Fr Configurator2 | 2024-11-21 | 5.5 Medium |
| Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted. | ||||
| CVE-2019-10971 | 1 Omron | 1 Network Configurator For Devicenet Safety | 2024-11-21 | N/A |
| The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories. | ||||
| CVE-2019-10970 | 1 Rockwellautomation | 2 Panelview 5510, Panelview 5510 Firmware | 2024-11-21 | 9.8 Critical |
| In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | ||||
| CVE-2019-10969 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 7.2 High |
| Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | ||||
| CVE-2019-10968 | 1 Philips | 1 Zymed Holter 2010 | 2024-11-21 | 4.4 Medium |
| Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. | ||||
| CVE-2019-10967 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-11-21 | 8.8 High |
| In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | ||||
| CVE-2019-10966 | 1 Ge | 8 Aespire 7100, Aespire 7100 Firmware, Aespire 7900 and 5 more | 2024-11-21 | 5.3 Medium |
| In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | ||||
| CVE-2019-10965 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-11-21 | 8.8 High |
| In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | ||||
| CVE-2019-10963 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 4.3 Medium |
| Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. | ||||
| CVE-2019-10962 | 1 Bd | 2 Alaris Gateway Workstation, Alaris Gateway Workstation Firmware | 2024-11-21 | 5.3 Medium |
| BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. | ||||
| CVE-2019-10961 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 8.8 High |
| In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | ||||
| CVE-2019-10960 | 1 Zebra | 16 220xi4, 220xi4 Firmware, Zt220 and 13 more | 2024-11-21 | 7.5 High |
| Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. | ||||
| CVE-2019-10959 | 1 Bd | 10 Alaris Cc Syringe Pump, Alaris Cc Syringe Pump Firmware, Alaris Gateway Workstation and 7 more | 2024-11-21 | N/A |
| BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update. | ||||
| CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | ||||
| CVE-2019-10957 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 4.8 Medium |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. | ||||
| CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | ||||
| CVE-2019-10951 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.8 High |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. | ||||
| CVE-2019-10950 | 1 Fujifilm | 6 Cr-ir 357 Fcr Capsula X, Cr-ir 357 Fcr Capsula X Firmware, Cr-ir 357 Fcr Carbon X and 3 more | 2024-11-21 | 9.8 Critical |
| Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system. | ||||