Search Results (361866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17501 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | ||||
| CVE-2019-17499 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2024-11-21 | 8.8 High |
| The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. | ||||
| CVE-2019-17498 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 13 Debian Linux, Fedora, Libssh2 and 10 more | 2024-11-21 | 8.1 High |
| In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | ||||
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | ||||
| CVE-2019-17495 | 2 Oracle, Smartbear | 6 Banking Apis, Banking Digital Experience, Banking Platform and 3 more | 2024-11-21 | 9.8 Critical |
| A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. | ||||
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2024-11-21 | 6.1 Medium |
| laravel-bjyblog 6.1.1 has XSS via a crafted URL. | ||||
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.1 Medium |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | ||||
| CVE-2019-17491 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.1 Medium |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | ||||
| CVE-2019-17490 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 8.8 High |
| app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | ||||
| CVE-2019-17489 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.1 Medium |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | ||||
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2024-11-21 | 6.1 Medium |
| b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | ||||
| CVE-2019-17455 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 9.8 Critical |
| Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | ||||
| CVE-2019-17454 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. | ||||
| CVE-2019-17453 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. | ||||
| CVE-2019-17452 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. | ||||
| CVE-2019-17451 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Binutils, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | ||||
| CVE-2019-17450 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Binutils, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | ||||
| CVE-2019-17449 | 1 Avira | 1 Software Updater | 2024-11-21 | 6.7 Medium |
| Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges. | ||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | ||||
| CVE-2019-17445 | 2 Eracent, Linux | 7 Eda Agent, Epa Agent, Epm Agent and 4 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | ||||