Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363618 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2024-11-21 | N/A |
| All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | ||||
| CVE-2019-3412 | 1 Zte | 2 Mf920, Mf920 Firmware | 2024-11-21 | N/A |
| All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces. | ||||
| CVE-2019-3411 | 1 Zte | 2 Mf920, Mf920 Firmware | 2024-11-21 | 7.5 High |
| All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components. | ||||
| CVE-2019-3410 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-11-21 | N/A |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client. | ||||
| CVE-2019-3409 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-11-21 | N/A |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system. | ||||
| CVE-2019-3405 | 1 360 | 2 360f5, 360f5 Firmware | 2024-11-21 | 5.3 Medium |
| In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router wireless by DoS. At present, the vulnerability has been effectively handled, and users can fix the vulnerability after updating the firmware version. | ||||
| CVE-2019-3404 | 1 360 | 4 F5c Router, F5c Router Firmware, P0 Router and 1 more | 2024-11-21 | 7.5 High |
| By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C. | ||||
| CVE-2019-3403 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.3 Medium |
| The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2019-3402 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | ||||
| CVE-2019-3401 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.3 Medium |
| The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2019-3400 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.1 Medium |
| The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter. | ||||
| CVE-2019-3399 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 7.5 High |
| The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | ||||
| CVE-2019-3397 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | N/A |
| Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool. | ||||
| CVE-2019-3395 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-11-21 | N/A |
| The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | ||||
| CVE-2019-3394 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-11-21 | N/A |
| There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. | ||||
| CVE-2019-3031 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 6.0 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2019-3028 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 8.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2019-3027 | 1 Oracle | 1 Application Object Library | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2019-3026 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 6.5 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2019-3025 | 1 Oracle | 1 Hospitality Res 3700 | 2024-11-21 | 9.0 Critical |
| Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||