Export limit exceeded: 363296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2024-11-21 | 8.8 High |
| In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | ||||
| CVE-2019-16401 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2024-11-21 | 6.5 Medium |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. | ||||
| CVE-2019-16400 | 1 Samsung | 6 Galaxy Note 2, Galaxy Note 2 Firmware, Galaxy S3 and 3 more | 2024-11-21 | 6.5 Medium |
| Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. | ||||
| CVE-2019-16399 | 1 Westerndigital | 2 Wd My Book, Wd My Book Firmware | 2024-11-21 | 9.8 Critical |
| Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. | ||||
| CVE-2019-16398 | 1 Keeper | 2 K5, K5 Firmware | 2024-11-21 | 6.8 Medium |
| On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. | ||||
| CVE-2019-16396 | 1 Gnucobol Project | 1 Gnucobol | 2024-11-21 | 7.8 High |
| GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | ||||
| CVE-2019-16395 | 1 Gnucobol Project | 1 Gnucobol | 2024-11-21 | 7.8 High |
| GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. | ||||
| CVE-2019-16394 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-11-21 | 5.3 Medium |
| SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | ||||
| CVE-2019-16393 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-11-21 | 6.1 Medium |
| SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | ||||
| CVE-2019-16392 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-11-21 | 6.1 Medium |
| SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | ||||
| CVE-2019-16391 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-11-21 | 6.5 Medium |
| SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. | ||||
| CVE-2019-16388 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 Medium |
| PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | ||||
| CVE-2019-16387 | 1 Pega | 1 Pega Platform | 2024-11-21 | 8.1 High |
| PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | ||||
| CVE-2019-16386 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 Medium |
| PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | ||||
| CVE-2019-16385 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 6.1 Medium |
| Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. | ||||
| CVE-2019-16384 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 6.5 Medium |
| Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. | ||||
| CVE-2019-16383 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 9.4 Critical |
| MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. | ||||
| CVE-2019-16382 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | ||||
| CVE-2019-16378 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | ||||
| CVE-2019-16377 | 1 Makandra | 1 Consul | 2024-11-21 | 9.8 Critical |
| The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | ||||