Search Results (359583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10042 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A |
| The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. | ||||
| CVE-2019-10041 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A |
| The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication. | ||||
| CVE-2019-10040 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A |
| The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | ||||
| CVE-2019-10039 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A |
| The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. | ||||
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | ||||
| CVE-2019-10028 | 1 Netflix | 1 Dial Reference | 2024-11-21 | N/A |
| Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. | ||||
| CVE-2019-10027 | 1 Phpcms | 1 Phpcms | 2024-11-21 | N/A |
| PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | ||||
| CVE-2019-10026 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. | ||||
| CVE-2019-10025 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. | ||||
| CVE-2019-10024 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. | ||||
| CVE-2019-10023 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. | ||||
| CVE-2019-10022 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | ||||
| CVE-2019-10021 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. | ||||
| CVE-2019-10020 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. | ||||
| CVE-2019-10019 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. | ||||
| CVE-2019-10018 | 3 Canonical, Debian, Xpdfreader | 3 Ubuntu Linux, Debian Linux, Xpdf | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | ||||
| CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | ||||
| CVE-2019-10016 | 1 Gforge | 1 Advanced Server | 2024-11-21 | N/A |
| GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | ||||
| CVE-2019-10015 | 1 Baigo | 1 Baigo Sso | 2024-11-21 | N/A |
| baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. | ||||
| CVE-2019-10014 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | ||||