Search Results (363079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19502 | 1 Maleck | 1 Image Uploader And Browser For Ckeditor | 2024-11-21 | 9.8 Critical |
| Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | ||||
| CVE-2019-19501 | 1 Idrix | 1 Veracrypt | 2024-11-21 | 7.8 High |
| VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | ||||
| CVE-2019-19500 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 5.4 Medium |
| Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software. | ||||
| CVE-2019-19499 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | ||||
| CVE-2019-19497 | 1 Altn | 1 Mdaemon Email Server | 2024-11-21 | 5.4 Medium |
| MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. | ||||
| CVE-2019-19496 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 5.4 Medium |
| Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | ||||
| CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2024-11-21 | 9.8 Critical |
| The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | ||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2024-11-21 | 8.8 High |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | ||||
| CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 9.8 Critical |
| FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | ||||
| CVE-2019-19491 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.1 Medium |
| TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | ||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2024-11-21 | 7.3 High |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | ||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2024-11-21 | 5.5 Medium |
| SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. | ||||
| CVE-2019-19487 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | ||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 Medium |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | ||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.1 Medium |
| Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | ||||
| CVE-2019-19481 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | ||||
| CVE-2019-19480 | 2 Linux, Opensc Project | 2 Linux Kernel, Opensc | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | ||||
| CVE-2019-19479 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | ||||
| CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | ||||
| CVE-2019-19470 | 1 Tinywall | 1 Tinywall | 2024-11-21 | 7.8 High |
| Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13. | ||||