Export limit exceeded: 364578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364578 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
| WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | ||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 7.5 High |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | ||||
| CVE-2019-6517 | 1 Bd | 2 Facslyric, Facslyric Ivd | 2024-11-21 | 6.8 Medium |
| BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions. | ||||
| CVE-2019-6510 | 1 Creditease-sec | 1 Insight | 2024-11-21 | N/A |
| An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. | ||||
| CVE-2019-6509 | 1 Creditease-sec | 1 Insight | 2024-11-21 | N/A |
| An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. | ||||
| CVE-2019-6508 | 1 Creditease-sec | 1 Insight | 2024-11-21 | N/A |
| An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. | ||||
| CVE-2019-6507 | 1 Creditease-sec | 1 Insight | 2024-11-21 | N/A |
| An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. | ||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | ||||
| CVE-2019-6504 | 1 Broadcom | 1 Automic Workload Automation | 2024-11-21 | N/A |
| Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. | ||||
| CVE-2019-6503 | 1 Chatopera | 1 Cosin | 2024-11-21 | N/A |
| There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method. | ||||
| CVE-2019-6502 | 1 Opensc Project | 1 Opensc | 2024-11-21 | N/A |
| sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | ||||
| CVE-2019-6501 | 3 Fedoraproject, Qemu, Redhat | 5 Fedora, Qemu, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | ||||
| CVE-2019-6500 | 1 Axway | 1 File Tranfer Direct | 2024-11-21 | N/A |
| In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | ||||
| CVE-2019-6499 | 1 Teradata | 1 Viewpoint | 2024-11-21 | N/A |
| Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2019-6498 | 1 Labapart | 1 Gattlib | 2024-11-21 | N/A |
| GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused. | ||||
| CVE-2019-6497 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | N/A |
| Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | ||||
| CVE-2019-6496 | 1 Marvell | 10 88w8787, 88w8787 Firmware, 88w8797 and 7 more | 2024-11-21 | N/A |
| The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA. | ||||
| CVE-2019-6494 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | N/A |
| IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls. | ||||
| CVE-2019-6493 | 1 Iobit | 1 Smart Defrag | 2024-11-21 | N/A |
| SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool. | ||||
| CVE-2019-6492 | 1 Iobit | 1 Smart Defrag | 2024-11-21 | N/A |
| SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool. | ||||