Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 9.8 Critical |
| FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | ||||
| CVE-2019-19491 | 1 Testlink | 1 Testlink | 2024-11-21 | 6.1 Medium |
| TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | ||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2024-11-21 | 7.3 High |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | ||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2024-11-21 | 5.5 Medium |
| SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. | ||||
| CVE-2019-19487 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | ||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.5 Medium |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | ||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.1 Medium |
| Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | ||||
| CVE-2019-19481 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | ||||
| CVE-2019-19480 | 2 Linux, Opensc Project | 2 Linux Kernel, Opensc | 2024-11-21 | 4.6 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | ||||
| CVE-2019-19479 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | ||||
| CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | ||||
| CVE-2019-19470 | 1 Tinywall | 1 Tinywall | 2024-11-21 | 7.8 High |
| Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13. | ||||
| CVE-2019-19469 | 1 Zmanda | 1 Amanda | 2024-11-21 | 8.8 High |
| In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. | ||||
| CVE-2019-19468 | 1 10-strike | 1 Free Photo Viewer | 2024-11-21 | 7.8 High |
| Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry. | ||||
| CVE-2019-19466 | 1 Sceditor | 1 Sceditor | 2024-11-21 | 6.1 Medium |
| SCEditor 2.1.3 allows XSS. | ||||
| CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2024-11-21 | 5.3 Medium |
| The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | ||||
| CVE-2019-19463 | 1 Huami | 1 Mi Fit | 2024-11-21 | 5.3 Medium |
| The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. | ||||
| CVE-2019-19462 | 5 Canonical, Debian, Linux and 2 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | 5.5 Medium |
| relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | ||||
| CVE-2019-19461 | 1 Teampasswordmanager | 1 Team Password Manager | 2024-11-21 | 5.4 Medium |
| Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. | ||||
| CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2024-11-21 | 5.5 Medium |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | ||||