Search Results (362865 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19985 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 5.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | ||||
| CVE-2019-19984 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 6.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. | ||||
| CVE-2019-19983 | 1 Fastvelocity | 1 Minify | 2024-11-21 | 4.3 Medium |
| In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action. | ||||
| CVE-2019-19982 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 5.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request. | ||||
| CVE-2019-19981 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 5.4 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. | ||||
| CVE-2019-19980 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 4.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email. | ||||
| CVE-2019-19979 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | 8.8 High |
| A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. | ||||
| CVE-2019-19977 | 1 Libesmtp Project | 1 Libesmtp | 2024-11-21 | 9.8 Critical |
| libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | ||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | ||||
| CVE-2019-19967 | 1 Upc | 2 Connect Box Eurodocsis, Connect Box Eurodocsis Firmware | 2024-11-21 | 7.5 High |
| The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. | ||||
| CVE-2019-19966 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | ||||
| CVE-2019-19965 | 5 Canonical, Debian, Linux and 2 more | 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more | 2024-11-21 | 4.7 Medium |
| In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | ||||
| CVE-2019-19964 | 1 Netgear | 2 Gs728tps, Gs728tps Firmware | 2024-11-21 | 2.7 Low |
| On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. | ||||
| CVE-2019-19963 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.3 Medium |
| An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. | ||||
| CVE-2019-19962 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | ||||
| CVE-2019-19960 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.3 Medium |
| In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | ||||
| CVE-2019-19959 | 3 Canonical, Redhat, Sqlite | 3 Ubuntu Linux, Enterprise Linux, Sqlite | 2024-11-21 | 7.5 High |
| ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | ||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 6.5 Medium |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | ||||
| CVE-2019-19957 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 6.5 Medium |
| In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | ||||
| CVE-2019-19954 | 2 Microsoft, Signal | 2 Windows, Signal-desktop | 2024-11-21 | 7.3 High |
| Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | ||||