Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6445 1Ntpsec 1Ntpsec Jun 17, 2026 Jan 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVE-2019-6444 1Ntpsec 1Ntpsec Jun 17, 2026 Jan 16, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVE-2019-6443 1Ntpsec 1Ntpsec Jun 17, 2026 Jan 16, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVE-2019-6442 1Ntpsec 1Ntpsec Jun 17, 2026 Jan 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c,...Show more An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.Show less
CVE-2019-6441 1Coship 4Rt3050 Firmware Rt3052 FirmwareRt7620 Firmware+1 more Jun 17, 2026 Mar 21, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation...Show more An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.Show less
CVE-2019-6440 1Zemana 1Antimalware Jun 17, 2026 Jan 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zemana AntiMalware before 3.0.658 Beta mishandles update logic.
CVE-2019-6439 1Wolfssl 1Wolfssl Jun 17, 2026 Jan 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
CVE-2019-6438 2Opensuse Schedmd 2Leap Slurm Jun 17, 2026 Jan 31, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
CVE-2019-6341 3Debian DrupalFedoraproject 3Debian Linux DrupalFedora Jun 17, 2026 Mar 26, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger...Show more In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Show less
CVE-2019-6340 1Drupal 1Drupal Jun 17, 2026 Feb 21, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by t...Show more Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)Show less
CVE-2019-6339 2Debian Drupal 2Debian Linux Drupal Jun 17, 2026 Jan 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted...Show more In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.Show less
CVE-2019-6338 2Debian Drupal 2Debian Linux Drupal Jun 17, 2026 Jan 22, 2019 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal c...Show more In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for detailsShow less
CVE-2019-6329 1Hp 1Support Assistant Jun 17, 2026 Jun 25, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
CVE-2019-6328 1Hp 1Support Assistant Jun 17, 2026 Jun 25, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-6327 1Hp 10Laserjet Pro M280 M281 T6b80a Firmware Laserjet Pro M280 M281 T6b81a FirmwareLaserjet Pro M280 M281 T6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.
CVE-2019-6326 1Hp 10T6b80a Firmware T6b81a FirmwareT6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerab...Show more HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.Show less
CVE-2019-6325 1Hp 10T6b80a Firmware T6b81a FirmwareT6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-s...Show more HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.Show less
CVE-2019-6324 1Hp 10T6b80a Firmware T6b81a FirmwareT6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in w...Show more HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration pageShow less
CVE-2019-6323 1Hp 10T6b80a Firmware T6b81a FirmwareT6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS i...Show more HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.Show less
CVE-2019-6322 1Hp 4Z4 G4 Core X Workstation Firmware Z4 G4 Workstation FirmwareZ6 G4 Workstation Firmware+1 more Jun 17, 2026 May 29, 2019 N/A· v4 6.8 MEDIUM· v3 9.0 HIGH· v2 HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whos...Show more HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.Show less
CVE-2019-6321 1Hp 4Z4 G4 Core X Workstation Firmware Z4 G4 Workstation FirmwareZ6 G4 Workstation Firmware+1 more Jun 17, 2026 May 29, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whos...Show more HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.Show less
CVE-2019-6318 1Hp 143Color Laserjet Cm4540 Mfp Firmware Color Laserjet Enterprise Cp5525 FirmwareColor Laserjet Enterprise Flow Mfp M577 Firmware+140 more Jun 17, 2026 Apr 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution...Show more HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.Show less
CVE-2019-6296 1Skymoonlabs 1Cleanto Jun 17, 2026 Jan 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
CVE-2019-6295 1Skymoonlabs 1Cleanto Jun 17, 2026 Jan 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
CVE-2019-6294 1Easycms 1Easycms Jun 17, 2026 Jan 15, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.

Previous 1...697071...14337 Next

Vulnerabilities (CVE)