Export limit exceeded: 360990 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360990 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14423 | 1 Eq-3 | 3 Ccu2, Ccu2 Firmware, Cux-daemon | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | ||||
| CVE-2019-14422 | 1 Tortoisesvn | 1 Tortoisesvn | 2024-11-21 | N/A |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. | ||||
| CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | ||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | N/A |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | ||||
| CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 7.2 High |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | ||||
| CVE-2019-14415 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 4.8 Medium |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | ||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | ||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | ||||
| CVE-2019-14412 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | ||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | ||||
| CVE-2019-14410 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). | ||||
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | ||||
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | ||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | ||||
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | ||||
| CVE-2019-14405 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | ||||
| CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | ||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | ||||
| CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | ||||
| CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | ||||