Export limit exceeded: 360126 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360126 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12379 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue | ||||
| CVE-2019-12378 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue | ||||
| CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | ||||
| CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | ||||
| CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | ||||
| CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | ||||
| CVE-2019-12373 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | ||||
| CVE-2019-12372 | 1 Petraware | 1 Ptransformer Adc | 2024-11-21 | N/A |
| Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. | ||||
| CVE-2019-12370 | 1 Readdle | 1 Spark | 2024-11-21 | 6.1 Medium |
| The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2024-11-21 | 6.1 Medium |
| The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2024-11-21 | 6.1 Medium |
| The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2024-11-21 | 6.1 Medium |
| The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12366 | 1 9folders | 1 Nine | 2024-11-21 | 6.1 Medium |
| The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2024-11-21 | 6.1 Medium |
| The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12363 | 1 Mybb-2fa Project | 1 Mybb-2fa | 2024-11-21 | N/A |
| An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. | ||||
| CVE-2019-12362 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. | ||||
| CVE-2019-12361 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. | ||||
| CVE-2019-12360 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 7.1 High |
| A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. | ||||
| CVE-2019-12359 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12358 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | ||||