Export limit exceeded: 361804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361804 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12914 | 1 Rdbrck | 1 Shift | 2024-11-21 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-12913 | 1 Rdbrck | 1 Shift | 2024-11-21 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-12912 | 1 Rdbrck | 1 Shift | 2024-11-21 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-12911 | 1 Rdbrck | 1 Shift | 2024-11-21 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-12905 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12904 | 2 Gnupg, Opensuse | 2 Libgcrypt, Leap | 2024-11-21 | 5.9 Medium |
| In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack | ||||
| CVE-2019-12903 | 1 Pydio | 1 Cells | 2024-11-21 | N/A |
| Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | ||||
| CVE-2019-12902 | 1 Pydio | 1 Cells | 2024-11-21 | N/A |
| Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data. | ||||
| CVE-2019-12901 | 1 Pydio | 1 Cells | 2024-11-21 | N/A |
| Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation. | ||||
| CVE-2019-12899 | 1 Deltaww | 1 Devicenet Builder | 2024-11-21 | N/A |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. | ||||
| CVE-2019-12898 | 1 Deltaww | 1 Devicenet Builder | 2024-11-21 | N/A |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. | ||||
| CVE-2019-12897 | 1 Edrawsoft | 1 Edraw Max | 2024-11-21 | N/A |
| Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074. | ||||
| CVE-2019-12896 | 1 Edrawsoft | 1 Edraw Max | 2024-11-21 | N/A |
| Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77. | ||||
| CVE-2019-12895 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | N/A |
| In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. | ||||
| CVE-2019-12894 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | N/A |
| Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b. | ||||
| CVE-2019-12893 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | N/A |
| Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868. | ||||
| CVE-2019-12890 | 1 Redwoodhq | 1 Redwoodhq | 2024-11-21 | N/A |
| RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | ||||
| CVE-2019-12889 | 1 Sailpoint | 1 Desktop Password Reset | 2024-11-21 | N/A |
| An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell. | ||||
| CVE-2019-12887 | 1 Keyidentity | 1 Linotp | 2024-11-21 | N/A |
| KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2019-12881 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0. | ||||