Search Results (362636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19258 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | ||||
| CVE-2019-19257 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2019-19256 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | ||||
| CVE-2019-19255 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | ||||
| CVE-2019-19254 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect Access Control. | ||||
| CVE-2019-19252 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | ||||
| CVE-2019-19251 | 1 Last.fm | 1 Last.fm Desktop | 2024-11-21 | 5.3 Medium |
| The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts. | ||||
| CVE-2019-19250 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 9.8 Critical |
| OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. | ||||
| CVE-2019-19249 | 1 Querytreeapp | 1 Querytree | 2024-11-21 | 9.8 Critical |
| Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. | ||||
| CVE-2019-19248 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | ||||
| CVE-2019-19247 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | ||||
| CVE-2019-19246 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.5 High |
| Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||||
| CVE-2019-19244 | 4 Canonical, Oracle, Siemens and 1 more | 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more | 2024-11-21 | 7.5 High |
| sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | ||||
| CVE-2019-19242 | 5 Canonical, Oracle, Redhat and 2 more | 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more | 2024-11-21 | 5.9 Medium |
| SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | ||||
| CVE-2019-19241 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. | ||||
| CVE-2019-19240 | 1 Embedthis | 1 Goahead | 2024-11-21 | 5.3 Medium |
| Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response. | ||||
| CVE-2019-19235 | 2 Asus, Microsoft | 2 Atk Package, Windows 10 | 2024-11-21 | 7.0 High |
| AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name. | ||||
| CVE-2019-19234 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to log in via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. | ||||
| CVE-2019-19232 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. | ||||
| CVE-2019-19231 | 2 Broadcom, Microsoft | 2 Ca Client Automation, Windows | 2024-11-21 | 7.3 High |
| An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. | ||||