Search Results (361826 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16891 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 9.8 Critical |
| Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | ||||
| CVE-2019-16890 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | ||||
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2024-11-21 | 7.5 High |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | ||||
| CVE-2019-16887 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | ||||
| CVE-2019-16885 | 1 Okay-cms | 1 Okaycms | 2024-11-21 | 9.8 Critical |
| In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-11-21 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||
| CVE-2019-16882 | 1 String-interner Project | 1 String-interner | 2024-11-21 | 7.5 High |
| An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | ||||
| CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | ||||
| CVE-2019-16880 | 1 Linea Project | 1 Linea | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | ||||
| CVE-2019-16879 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 9.8 Critical |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | ||||
| CVE-2019-16878 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 2 of 2). | ||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | ||||
| CVE-2019-16876 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 High |
| Portainer before 1.22.1 allows Directory Traversal. | ||||
| CVE-2019-16874 | 1 Portainer | 1 Portainer | 2024-11-21 | 6.5 Medium |
| Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | ||||
| CVE-2019-16873 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 1 of 2). | ||||
| CVE-2019-16872 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.9 Critical |
| Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | ||||
| CVE-2019-16871 | 1 Beckhoff | 1 Twincat | 2024-11-21 | 9.8 Critical |
| Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | ||||
| CVE-2019-16868 | 1 Emlog | 1 Emlog | 2024-11-21 | 9.8 Critical |
| emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | ||||
| CVE-2019-16867 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 Medium |
| HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) | ||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2024-11-21 | 7.5 High |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | ||||