Export limit exceeded: 361998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18183 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2024-11-21 | 9.8 Critical |
| pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. | ||||
| CVE-2019-18182 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2024-11-21 | 9.8 Critical |
| pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. | ||||
| CVE-2019-18181 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 7.8 High |
| In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. | ||||
| CVE-2019-18180 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions. | ||||
| CVE-2019-18179 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | ||||
| CVE-2019-18178 | 1 Amazon | 1 Freertos\+fat | 2024-11-21 | 7.5 High |
| Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). | ||||
| CVE-2019-17676 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 8.8 High |
| app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | ||||
| CVE-2019-17675 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 8.8 High |
| WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | ||||
| CVE-2019-17674 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.4 Medium |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | ||||
| CVE-2019-17673 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 7.5 High |
| WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | ||||
| CVE-2019-17672 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | ||||
| CVE-2019-17671 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.3 Medium |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | ||||
| CVE-2019-17670 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | ||||
| CVE-2019-17669 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | ||||
| CVE-2019-17668 | 1 Samsung | 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more | 2024-11-21 | 6.8 Medium |
| Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | ||||
| CVE-2019-17666 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 8.8 High |
| rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | ||||
| CVE-2019-17665 | 1 Nsa | 1 Ghidra | 2024-11-21 | 7.8 High |
| NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | ||||
| CVE-2019-17664 | 1 Nsa | 1 Ghidra | 2024-11-21 | 7.8 High |
| NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory. | ||||
| CVE-2019-17663 | 2 D-link, Dlink | 2 Dir-866l Firmware, Dir-866l | 2024-11-21 | 6.1 Medium |
| D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | ||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 9.8 Critical |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||