Export limit exceeded: 361649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16444 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 9.8 Critical |
| Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-16417 | 1 Hrworks | 1 Hrworks | 2024-11-21 | 5.4 Medium |
| HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. | ||||
| CVE-2019-16416 | 1 Hrworks | 1 Hrworks | 2024-11-21 | 5.4 Medium |
| HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. | ||||
| CVE-2019-16414 | 1 Gfi | 1 Kerio Control | 2024-11-21 | 6.1 Medium |
| A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. | ||||
| CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | ||||
| CVE-2019-16412 | 1 Tendacn | 2 N301, N301 Firmware | 2024-11-21 | 7.5 High |
| In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | ||||
| CVE-2019-16411 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. | ||||
| CVE-2019-16410 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | ||||
| CVE-2019-16409 | 2 Silverstripe, Symbiote | 2 Silverstripe, Versionedfiles | 2024-11-21 | 5.3 Medium |
| In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) | ||||
| CVE-2019-16407 | 1 Jetbrains | 1 Resharper | 2024-11-21 | 7.3 High |
| JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. | ||||
| CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.8 High |
| Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | ||||
| CVE-2019-16405 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.2 High |
| Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | ||||
| CVE-2019-16404 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter. | ||||
| CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2024-11-21 | 8.8 High |
| In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | ||||
| CVE-2019-16401 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2024-11-21 | 6.5 Medium |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. | ||||
| CVE-2019-16400 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2024-11-21 | 6.5 Medium |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. | ||||
| CVE-2019-16399 | 1 Westerndigital | 2 Wd My Book, Wd My Book Firmware | 2024-11-21 | 9.8 Critical |
| Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. | ||||
| CVE-2019-16398 | 1 Keeper | 2 K5, K5 Firmware | 2024-11-21 | 6.8 Medium |
| On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. | ||||
| CVE-2019-16396 | 1 Gnucobol Project | 1 Gnucobol | 2024-11-21 | 7.8 High |
| GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | ||||
| CVE-2019-16395 | 1 Gnucobol Project | 1 Gnucobol | 2024-11-21 | 7.8 High |
| GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. | ||||