Export limit exceeded: 366574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8454 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.0 High |
| A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | ||||
| CVE-2019-8453 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | N/A |
| Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client. | ||||
| CVE-2019-8452 | 1 Checkpoint | 2 Endpoint Security, Zonealarm | 2024-11-21 | 7.8 High |
| A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | ||||
| CVE-2019-8451 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.5 Medium |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | ||||
| CVE-2019-8450 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 4.8 Medium |
| Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | ||||
| CVE-2019-8449 | 1 Atlassian | 1 Jira | 2024-11-21 | 5.3 Medium |
| The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | ||||
| CVE-2019-8448 | 1 Atlassian | 1 Jira Server | 2024-11-21 | N/A |
| The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | ||||
| CVE-2019-8447 | 1 Atlassian | 1 Jira Server | 2024-11-21 | N/A |
| The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2019-8446 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.3 Medium |
| The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2019-8445 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.3 Medium |
| Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | ||||
| CVE-2019-8444 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 5.4 Medium |
| The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | ||||
| CVE-2019-8443 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 8.1 High |
| The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | ||||
| CVE-2019-8442 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 7.5 High |
| The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. | ||||
| CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | ||||
| CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | ||||
| CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | ||||
| CVE-2019-8437 | 1 Njiandan-cms Project | 1 Njiandan-cms | 2024-11-21 | N/A |
| njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. | ||||
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2024-11-21 | N/A |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | ||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | ||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | ||||