Search Results (361549 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | ||||
| CVE-2019-12851 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | ||||
| CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | ||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2024-11-21 | N/A |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | ||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12845 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
| CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | ||||
| CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12841 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12840 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | ||||
| CVE-2019-12839 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | N/A |
| In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. | ||||
| CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 9.8 Critical |
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | ||||
| CVE-2019-12837 | 1 Gencat | 1 Portal D'acces A La Universitat | 2024-11-21 | 4.3 Medium |
| The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints. | ||||
| CVE-2019-12836 | 1 Bobronix | 1 Jeditor | 2024-11-21 | N/A |
| The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover. | ||||
| CVE-2019-12835 | 1 Leanify Project | 1 Leanify | 2024-11-21 | N/A |
| formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. | ||||
| CVE-2019-12834 | 1 Ht2labs | 1 Learning Locker | 2024-11-21 | N/A |
| In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. | ||||
| CVE-2019-12831 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. | ||||
| CVE-2019-12830 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | ||||
| CVE-2019-12829 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A |
| radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. | ||||