Export limit exceeded: 364837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7174 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | N/A |
| Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. | ||||
| CVE-2019-7173 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | ||||
| CVE-2019-7172 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | ||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | ||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | ||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | ||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | ||||
| CVE-2019-7167 | 1 Z.cash | 1 Zcash | 2024-11-21 | N/A |
| Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | ||||
| CVE-2019-7165 | 3 Debian, Dosbox, Fedoraproject | 3 Debian Linux, Dosbox, Fedora | 2024-11-21 | N/A |
| A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. | ||||
| CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2024-11-21 | 9.8 Critical |
| SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | ||||
| CVE-2019-7163 | 1 Tcl | 2 Alcatel Linkzone, Alcatel Linkzone Firmware | 2024-11-21 | N/A |
| The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | ||||
| CVE-2019-7160 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | ||||
| CVE-2019-7159 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.1 and earlier allows Information Exposure. | ||||
| CVE-2019-7158 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.0 and earlier has Incorrect Access Control. | ||||
| CVE-2019-7156 | 1 Libdoc Project | 1 Libdoc | 2024-11-21 | N/A |
| In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. | ||||
| CVE-2019-7155 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group. | ||||
| CVE-2019-7154 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | ||||
| CVE-2019-7153 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | ||||
| CVE-2019-7152 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | ||||
| CVE-2019-7151 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | ||||