Search Results (360667 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13509 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. | ||||
| CVE-2019-13508 | 2 Canonical, Freetds | 2 Ubuntu Linux, Freetds | 2024-11-21 | 9.8 Critical |
| FreeTDS through 1.1.11 has a Buffer Overflow. | ||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | N/A |
| hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | ||||
| CVE-2019-13506 | 1 Nuxtjs | 2 @nuxt/devalue, Nuxt.js | 2024-11-21 | N/A |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | ||||
| CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 6.1 Medium |
| The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | ||||
| CVE-2019-13504 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-11-21 | 6.5 Medium |
| There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. | ||||
| CVE-2019-13503 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 High |
| mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | ||||
| CVE-2019-13498 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 7.4 High |
| One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | ||||
| CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 6.5 Medium |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | ||||
| CVE-2019-13496 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 8.1 High |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | ||||
| CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2024-11-21 | 5.4 Medium |
| In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | ||||
| CVE-2019-13494 | 1 Castlerock | 1 Simple Network Management Protocol Console | 2024-11-21 | N/A |
| nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. | ||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2024-11-21 | N/A |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | ||||
| CVE-2019-13488 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. | ||||
| CVE-2019-13486 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | N/A |
| In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. | ||||
| CVE-2019-13485 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | N/A |
| In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | ||||
| CVE-2019-13484 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | N/A |
| In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | ||||
| CVE-2019-13483 | 1 Auth0 | 1 Passport-sharepoint | 2024-11-21 | N/A |
| Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. | ||||
| CVE-2019-13482 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. | ||||