Export limit exceeded: 361529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2024-11-21 | 6.5 Medium |
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | ||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | ||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | ||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | ||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | ||||
| CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | ||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2024-11-21 | N/A |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | ||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | ||||
| CVE-2019-15523 | 2 Debian, Linbit | 2 Debian Linux, Csync2 | 2024-11-21 | 5.3 Medium |
| An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | ||||
| CVE-2019-15522 | 1 Linbit | 1 Csync2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | ||||
| CVE-2019-15521 | 2 Fork-cms, Spoon-library | 2 Fork Cms, Spoon Library | 2024-11-21 | N/A |
| Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | ||||
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-11-21 | N/A |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | ||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2024-11-21 | N/A |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | ||||
| CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-11-21 | N/A |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | ||||
| CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-11-21 | N/A |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | ||||
| CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2024-11-21 | N/A |
| Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | ||||
| CVE-2019-15515 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A |
| Discourse 2.3.2 sends the CSRF token in the query string. | ||||
| CVE-2019-15514 | 1 Telegram | 1 Telegram | 2024-11-21 | N/A |
| The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | ||||
| CVE-2019-15513 | 2 Motorola, Openwrt | 5 C1 Mwr03, C1 Mwr03 Firmware, Cx2l Mwr04l and 2 more | 2024-11-21 | N/A |
| An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. | ||||
| CVE-2019-15511 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected. | ||||