Export limit exceeded: 366572 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366572 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9917 | 3 Canonical, Fedoraproject, Znc | 3 Ubuntu Linux, Fedora, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | ||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-11-21 | N/A |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | ||||
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | N/A |
| The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | ||||
| CVE-2019-9913 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | ||||
| CVE-2019-9912 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 6.1 Medium |
| The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. | ||||
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 6.1 Medium |
| The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | ||||
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | N/A |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | ||||
| CVE-2019-9909 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | ||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2024-11-21 | N/A |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | ||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-11-21 | 6.5 Medium |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | ||||
| CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.5 Medium |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | ||||
| CVE-2019-9901 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | N/A |
| Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy. | ||||
| CVE-2019-9900 | 2 Envoyproxy, Redhat | 3 Envoy, Openshift Service Mesh, Service Mesh | 2024-11-21 | 8.3 High |
| When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources. | ||||
| CVE-2019-9898 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | ||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | ||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 7.8 High |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | ||||
| CVE-2019-9895 | 3 Fedoraproject, Opengroup, Putty | 3 Fedora, Unix, Putty | 2024-11-21 | N/A |
| In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | ||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | ||||
| CVE-2019-9893 | 2 Libseccomp Project, Redhat | 2 Libseccomp, Enterprise Linux | 2024-11-21 | N/A |
| libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. | ||||
| CVE-2019-9892 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. | ||||