Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8917 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2024-11-21 | N/A |
| SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | ||||
| CVE-2019-8912 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | ||||
| CVE-2019-8911 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | N/A |
| An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). | ||||
| CVE-2019-8910 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | N/A |
| An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | ||||
| CVE-2019-8909 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | N/A |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. | ||||
| CVE-2019-8908 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | N/A |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header. | ||||
| CVE-2019-8907 | 4 Canonical, Debian, File Project and 1 more | 4 Ubuntu Linux, Debian Linux, File and 1 more | 2024-11-21 | N/A |
| do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | ||||
| CVE-2019-8906 | 4 Apple, Canonical, File Project and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2024-11-21 | 4.4 Medium |
| do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | ||||
| CVE-2019-8905 | 4 Canonical, Debian, File Project and 1 more | 4 Ubuntu Linux, Debian Linux, File and 1 more | 2024-11-21 | 4.4 Medium |
| do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | ||||
| CVE-2019-8904 | 2 Canonical, File Project | 2 Ubuntu Linux, File | 2024-11-21 | N/A |
| do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | ||||
| CVE-2019-8903 | 1 Totaljs | 1 Total.js | 2024-11-21 | N/A |
| index.js in Total.js Platform before 3.2.3 allows path traversal. | ||||
| CVE-2019-8902 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. | ||||
| CVE-2019-8901 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 6.5 Medium |
| This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | ||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-11-21 | 4.3 Medium |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | ||||
| CVE-2019-8858 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. | ||||
| CVE-2019-8857 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 3.3 Low |
| The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel. | ||||
| CVE-2019-8856 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 3.3 Low |
| An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans. | ||||
| CVE-2019-8855 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.3 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files. | ||||
| CVE-2019-8854 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 7.5 High |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. | ||||
| CVE-2019-8853 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.5 Medium |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory. | ||||