Export limit exceeded: 361529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12612 | 1 Bitdefender | 2 Box, Box Firmware | 2024-11-21 | 7.8 High |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode. | ||||
| CVE-2019-12611 | 1 Bitdefender | 2 Box, Box Firmware | 2024-11-21 | 4.4 Medium |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. | ||||
| CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | ||||
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | ||||
| CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | ||||
| CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | ||||
| CVE-2019-12597 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | ||||
| CVE-2019-12596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | ||||
| CVE-2019-12595 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | ||||
| CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2024-11-21 | N/A |
| DOSBox 0.74-2 has Incorrect Access Control. | ||||
| CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | ||||
| CVE-2019-12592 | 1 Evernote | 1 Web Clipper | 2024-11-21 | N/A |
| A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame. | ||||
| CVE-2019-12591 | 1 Netgear | 1 Insight | 2024-11-21 | N/A |
| NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | ||||
| CVE-2019-12589 | 1 Firejail Project | 1 Firejail | 2024-11-21 | N/A |
| In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | ||||
| CVE-2019-12588 | 1 Espressif | 2 Arduino Esp8266, Esp8266 Nonos Sdk | 2024-11-21 | 6.5 Medium |
| The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | ||||
| CVE-2019-12587 | 1 Espressif | 2 Esp-idf, Esp8266 Nonos Sdk | 2024-11-21 | N/A |
| The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | ||||
| CVE-2019-12586 | 1 Espressif | 3 Arduino-esp32, Esp-idf, Esp8266 Nonos Sdk | 2024-11-21 | N/A |
| The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | ||||
| CVE-2019-12585 | 2 Apcupsd, Netgate | 2 Apcupsd, Pfsense | 2024-11-21 | N/A |
| Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | ||||
| CVE-2019-12584 | 2 Apcupsd, Netgate | 2 Apcupsd, Pfsense | 2024-11-21 | N/A |
| Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | ||||
| CVE-2019-12583 | 1 Zyxel | 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more | 2024-11-21 | N/A |
| Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | ||||