Search Results (361824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17073 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.5 Medium |
| emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. | ||||
| CVE-2019-17072 | 1 Awplife | 1 Contact Form Widget | 2024-11-21 | 9.8 Critical |
| The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. | ||||
| CVE-2019-17071 | 1 Realbigplugins | 1 Client Dash | 2024-11-21 | 6.1 Medium |
| The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. | ||||
| CVE-2019-17070 | 2 Lqd, Microsoft | 2 Liquid Speech Balloon, Internet Explorer | 2024-11-21 | 6.1 Medium |
| The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. | ||||
| CVE-2019-17069 | 3 Netapp, Opensuse, Putty | 3 Oncommand Unified Manager Core Package, Leap, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | ||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | ||||
| CVE-2019-17067 | 2 Microsoft, Putty | 2 Windows, Putty | 2024-11-21 | 9.8 Critical |
| PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | ||||
| CVE-2019-17066 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.8 High |
| In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | ||||
| CVE-2019-17064 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 5.5 Medium |
| Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | ||||
| CVE-2019-17063 | 1 Snowtide | 1 Pdfxstream | 2024-11-21 | 5.5 Medium |
| In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. | ||||
| CVE-2019-17062 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 8.8 High |
| An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. | ||||
| CVE-2019-17061 | 1 Cypress | 2 Psoc 4, Psoc 4 Ble | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. | ||||
| CVE-2019-17060 | 1 Nxp | 9 Kw31z, Kw34, Kw35 and 6 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. | ||||
| CVE-2019-17059 | 1 Sophos | 2 Cyberoam, Cyberoamos | 2024-11-21 | 9.8 Critical |
| A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | ||||
| CVE-2019-17058 | 1 Footy | 1 Tipping Software | 2024-11-21 | 9.1 Critical |
| Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file. | ||||
| CVE-2019-17057 | 1 Footy | 1 Tipping Software | 2024-11-21 | 6.1 Medium |
| Footy Tipping Software AFL Web Edition 2019 allows XSS. | ||||
| CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | ||||
| CVE-2019-17055 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 3.3 Low |
| base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | ||||
| CVE-2019-17054 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | ||||
| CVE-2019-17053 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 3.3 Low |
| ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | ||||