Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3494 | 1 Simply-blog Project | 1 Simply-blog | 2024-11-21 | N/A |
| Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter. | ||||
| CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2024-11-21 | N/A |
| A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | ||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2024-11-21 | N/A |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | ||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2024-11-21 | N/A |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | ||||
| CVE-2019-3486 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | N/A |
| Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 | ||||
| CVE-2019-3485 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1 | ||||
| CVE-2019-3484 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3483 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3482 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3481 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3479 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | N/A |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | ||||
| CVE-2019-3476 | 1 Microfocus | 1 Data Protector | 2024-11-21 | N/A |
| Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | ||||
| CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-11-21 | N/A |
| A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-3467 | 3 Canonical, Debian, Skolelinux | 4 Ubuntu Linux, Debian-lan-config, Debian Linux and 1 more | 2024-11-21 | 7.8 High |
| Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | ||||
| CVE-2019-3466 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2024-11-21 | 7.8 High |
| The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | ||||
| CVE-2019-3465 | 3 Debian, Simplesamlphp, Xmlseclibs Project | 3 Debian Linux, Simplesamlphp, Xmlseclibs | 2024-11-21 | 8.8 High |
| Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | ||||
| CVE-2019-3464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
| Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | ||||