Search Results (361784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13663 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13662 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-13661 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. | ||||
| CVE-2019-13660 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 5.3 Medium |
| UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. | ||||
| CVE-2019-13659 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-11-21 | 9.8 Critical |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | ||||
| CVE-2019-13657 | 1 Broadcom | 2 Ca Performance Management, Network Operations | 2024-11-21 | 9.8 Critical |
| CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | ||||
| CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2024-11-21 | 9.8 Critical |
| An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2019-13655 | 1 Imgix | 1 Imgix | 2024-11-21 | N/A |
| Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory. | ||||
| CVE-2019-13653 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). | ||||
| CVE-2019-13652 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | ||||
| CVE-2019-13651 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). | ||||
| CVE-2019-13650 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). | ||||
| CVE-2019-13649 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). | ||||
| CVE-2019-13648 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. | ||||
| CVE-2019-13647 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | N/A |
| Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | ||||
| CVE-2019-13646 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | N/A |
| Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | ||||
| CVE-2019-13645 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | N/A |
| Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | ||||
| CVE-2019-13644 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 5.4 Medium |
| Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | ||||
| CVE-2019-13643 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | ||||