Export limit exceeded: 363321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | ||||
| CVE-2019-18188 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.5 High |
| Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. | ||||
| CVE-2019-18184 | 1 Crestron | 2 Dmc-stro, Dmc-stro Firmware | 2024-11-21 | 9.8 Critical |
| Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. | ||||
| CVE-2019-18183 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2024-11-21 | 9.8 Critical |
| pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. | ||||
| CVE-2019-18182 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2024-11-21 | 9.8 Critical |
| pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. | ||||
| CVE-2019-18181 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 7.8 High |
| In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. | ||||
| CVE-2019-18180 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions. | ||||
| CVE-2019-18179 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | ||||
| CVE-2019-18178 | 1 Amazon | 1 Freertos\+fat | 2024-11-21 | 7.5 High |
| Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). | ||||
| CVE-2019-17676 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 8.8 High |
| app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | ||||
| CVE-2019-17675 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 8.8 High |
| WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | ||||
| CVE-2019-17674 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.4 Medium |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | ||||
| CVE-2019-17673 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 7.5 High |
| WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | ||||
| CVE-2019-17672 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | ||||
| CVE-2019-17671 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.3 Medium |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | ||||
| CVE-2019-17670 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | ||||
| CVE-2019-17669 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | ||||
| CVE-2019-17668 | 1 Samsung | 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more | 2024-11-21 | 6.8 Medium |
| Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | ||||
| CVE-2019-17666 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 8.8 High |
| rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | ||||
| CVE-2019-17665 | 1 Nsa | 1 Ghidra | 2024-11-21 | 7.8 High |
| NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | ||||