Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15539 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | ||||
| CVE-2019-15538 | 7 Canonical, Debian, Fedoraproject and 4 more | 29 Ubuntu Linux, Debian Linux, Fedora and 26 more | 2024-11-21 | 7.5 High |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | ||||
| CVE-2019-15537 | 1 Cesnet | 1 Proxystatistics | 2024-11-21 | N/A |
| The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | ||||
| CVE-2019-15536 | 1 Youracclaim | 1 Acclaim | 2024-11-21 | N/A |
| The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. | ||||
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2024-11-21 | N/A |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | ||||
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2024-11-21 | N/A |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | ||||
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2024-11-21 | N/A |
| XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | ||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2024-11-21 | N/A |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | ||||
| CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2024-11-21 | 6.5 Medium |
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | ||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | ||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | ||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | ||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | ||||
| CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | ||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2024-11-21 | N/A |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | ||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | ||||
| CVE-2019-15523 | 2 Debian, Linbit | 2 Debian Linux, Csync2 | 2024-11-21 | 5.3 Medium |
| An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | ||||
| CVE-2019-15522 | 1 Linbit | 1 Csync2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | ||||
| CVE-2019-15521 | 2 Fork-cms, Spoon-library | 2 Fork Cms, Spoon Library | 2024-11-21 | N/A |
| Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | ||||
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-11-21 | N/A |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | ||||