Export limit exceeded: 363508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19806 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.3 Medium |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | ||||
| CVE-2019-19805 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.3 Medium |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | ||||
| CVE-2019-19802 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 Medium |
| In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | ||||
| CVE-2019-19801 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.5 Medium |
| In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. | ||||
| CVE-2019-19800 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | ||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | ||||
| CVE-2019-19797 | 3 Debian, Fedoraproject, Xfig Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 5.5 Medium |
| read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | ||||
| CVE-2019-19796 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 7.8 High |
| Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | ||||
| CVE-2019-19795 | 1 Samurai Project | 1 Samurai | 2024-11-21 | 7.8 High |
| samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | ||||
| CVE-2019-19794 | 2 Miekg-dns Project, Redhat | 3 Miekg-dns, Jaeger, Openstack | 2024-11-21 | 5.9 Medium |
| The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | ||||
| CVE-2019-19793 | 2 Cyxtera, Microsoft | 2 Appgate Sdp, Windows | 2024-11-21 | 8.8 High |
| In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. | ||||
| CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2024-11-21 | 6.7 Medium |
| A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | ||||
| CVE-2019-19789 | 1 Codesys | 3 Plcwinnt, Runtime Toolkit, Sp Realtime Nt | 2024-11-21 | 6.5 Medium |
| 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. | ||||
| CVE-2019-19788 | 1 Opera | 1 Opera | 2024-11-21 | 5.5 Medium |
| Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context. | ||||
| CVE-2019-19787 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19786 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19785 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | ||||
| CVE-2019-19783 | 5 Canonical, Cyrus, Debian and 2 more | 5 Ubuntu Linux, Imap, Debian Linux and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. | ||||
| CVE-2019-19782 | 1 Labf | 1 Aceaxe Plus | 2024-11-21 | 9.8 Critical |
| The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | ||||
| CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.1 Medium |
| The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | ||||