Export limit exceeded: 361796 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361796 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16903 | 1 Plutinosoft | 1 Platinum | 2024-11-21 | 5.3 Medium |
| Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. | ||||
| CVE-2019-16902 | 1 Reputeinfosystems | 1 Arforms | 2024-11-21 | 7.5 High |
| In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. | ||||
| CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | ||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | ||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.5 High |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | ||||
| CVE-2019-16897 | 1 K7computing | 3 K7 Antivirus Premium, K7 Total Security, K7 Ultimate Security | 2024-11-21 | 9.8 Critical |
| In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. | ||||
| CVE-2019-16896 | 1 K7computing | 1 K7 Ultimate Security | 2024-11-21 | 7.8 High |
| In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | ||||
| CVE-2019-16894 | 1 Inoideas | 1 Inoerp | 2024-11-21 | 9.8 Critical |
| download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | ||||
| CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2024-11-21 | 7.5 High |
| The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | ||||
| CVE-2019-16892 | 3 Fedoraproject, Redhat, Rubyzip Project | 4 Fedora, Cloudforms, Cloudforms Managementengine and 1 more | 2024-11-21 | 5.5 Medium |
| In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | ||||
| CVE-2019-16891 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 9.8 Critical |
| Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | ||||
| CVE-2019-16890 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | ||||
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2024-11-21 | 7.5 High |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | ||||
| CVE-2019-16887 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | ||||
| CVE-2019-16885 | 1 Okay-cms | 1 Okaycms | 2024-11-21 | 9.8 Critical |
| In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-11-21 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||
| CVE-2019-16882 | 1 String-interner Project | 1 String-interner | 2024-11-21 | 7.5 High |
| An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | ||||
| CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | ||||
| CVE-2019-16880 | 1 Linea Project | 1 Linea | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | ||||
| CVE-2019-16879 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 9.8 Critical |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | ||||