Search Results (361553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13517 | 1 Bd | 2 Pyxis Enterprise Server, Pyxis Es | 2024-11-21 | N/A |
| In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | ||||
| CVE-2019-13516 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 8.8 High |
| In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | ||||
| CVE-2019-13515 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | N/A |
| OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | ||||
| CVE-2019-13514 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-11-21 | 7.8 High |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. | ||||
| CVE-2019-13513 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-11-21 | 7.8 High |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. | ||||
| CVE-2019-13512 | 1 Fujielectric | 1 Frenic Loader | 2024-11-21 | 3.3 Low |
| Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. | ||||
| CVE-2019-13509 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. | ||||
| CVE-2019-13508 | 2 Canonical, Freetds | 2 Ubuntu Linux, Freetds | 2024-11-21 | 9.8 Critical |
| FreeTDS through 1.1.11 has a Buffer Overflow. | ||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2024-11-21 | N/A |
| hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | ||||
| CVE-2019-13506 | 1 Nuxtjs | 2 @nuxt/devalue, Nuxt.js | 2024-11-21 | N/A |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | ||||
| CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 6.1 Medium |
| The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | ||||
| CVE-2019-13504 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-11-21 | 6.5 Medium |
| There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. | ||||
| CVE-2019-13503 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 High |
| mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | ||||
| CVE-2019-13498 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 7.4 High |
| One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | ||||
| CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 6.5 Medium |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | ||||
| CVE-2019-13496 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 8.1 High |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | ||||
| CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2024-11-21 | 5.4 Medium |
| In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | ||||
| CVE-2019-13494 | 1 Castlerock | 1 Simple Network Management Protocol Console | 2024-11-21 | N/A |
| nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. | ||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2024-11-21 | N/A |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-13489 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | ||||