Export limit exceeded: 363397 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18887 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 8.1 High |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. | ||||
| CVE-2019-18886 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security. | ||||
| CVE-2019-18885 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. | ||||
| CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2024-11-21 | 8.8 High |
| index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | ||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 6.1 Medium |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | ||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | ||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | ||||
| CVE-2019-18874 | 2 Psutil Project, Redhat | 7 Psutil, Ansible Tower, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||||
| CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 9.0 Critical |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | ||||
| CVE-2019-18872 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | ||||
| CVE-2019-18871 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 8.8 High |
| A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | ||||
| CVE-2019-18870 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 6.5 Medium |
| A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | ||||
| CVE-2019-18869 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 9.8 Critical |
| Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | ||||
| CVE-2019-18868 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 9.8 Critical |
| Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | ||||
| CVE-2019-18867 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. | ||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | ||||
| CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.3 Medium |
| Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | ||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | ||||
| CVE-2019-18863 | 1 Mitel | 16 6863i, 6863i Firmware, 6865i and 13 more | 2024-11-21 | 5.9 Medium |
| A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information. | ||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-11-21 | 7.8 High |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | ||||