Search Results (363401 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19507 | 1 Json Pattern Validator Project | 1 Json Pattern Validator | 2024-11-21 | 5.3 Medium |
| In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | ||||
| CVE-2019-19506 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 7.5 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | ||||
| CVE-2019-19505 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 8.8 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | ||||
| CVE-2019-19502 | 1 Maleck | 1 Image Uploader And Browser For Ckeditor | 2024-11-21 | 9.8 Critical |
| Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | ||||
| CVE-2019-19501 | 1 Idrix | 1 Veracrypt | 2024-11-21 | 7.8 High |
| VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | ||||
| CVE-2019-19500 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 5.4 Medium |
| Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software. | ||||
| CVE-2019-19499 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | ||||
| CVE-2019-19497 | 1 Altn | 1 Mdaemon Email Server | 2024-11-21 | 5.4 Medium |
| MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. | ||||
| CVE-2019-19496 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 5.4 Medium |
| Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | ||||
| CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2024-11-21 | 9.8 Critical |
| The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | ||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2024-11-21 | 8.8 High |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | ||||
| CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 9.8 Critical |
| FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | ||||
| CVE-2019-19491 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.1 Medium |
| TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | ||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2024-11-21 | 7.3 High |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | ||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2024-11-21 | 5.5 Medium |
| SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. | ||||
| CVE-2019-19487 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | ||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 Medium |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | ||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.1 Medium |
| Open redirect via parameter 'p' in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | ||||
| CVE-2019-19481 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | ||||
| CVE-2019-19480 | 2 Linux, Opensc Project | 2 Linux Kernel, Opensc | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | ||||