Search Results (362848 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 6.5 Medium |
| AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | ||||
| CVE-2019-14475 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-11-21 | N/A |
| eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | ||||
| CVE-2019-14474 | 1 Eq-3 | 2 Ccu3, Ccu3 Firmware | 2024-11-21 | N/A |
| eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can start this attack too. | ||||
| CVE-2019-14473 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-11-21 | N/A |
| eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. | ||||
| CVE-2019-14472 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | ||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A |
| TestLink 1.9.19 has XSS via the error.php message parameter. | ||||
| CVE-2019-14470 | 2 Instagram-php-api Project, Userproplugin | 2 Instagram-php-api, User Pro | 2024-11-21 | N/A |
| cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | ||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | ||||
| CVE-2019-14468 | 1 Gnucobol Project | 1 Gnucobol | 2024-11-21 | N/A |
| GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. | ||||
| CVE-2019-14467 | 1 Infoway | 1 Social Photo Gallery | 2024-11-21 | 7.8 High |
| The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | ||||
| CVE-2019-14466 | 2 Debian, Gosa Project | 2 Debian Linux, Gosa | 2024-11-21 | 6.5 Medium |
| The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. | ||||
| CVE-2019-14465 | 1 Schismtracker | 1 Schism Tracker | 2024-11-21 | 7.8 High |
| fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | ||||
| CVE-2019-14464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.5 Medium |
| XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. | ||||
| CVE-2019-14463 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-11-21 | 9.1 Critical |
| An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | ||||
| CVE-2019-14462 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-11-21 | 9.1 Critical |
| An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | ||||
| CVE-2019-14459 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-11-21 | 7.5 High |
| nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | ||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2024-11-21 | 7.5 High |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | ||||
| CVE-2019-14457 | 1 Vivotek | 1 Camera | 2024-11-21 | 9.8 Critical |
| VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | ||||
| CVE-2019-14456 | 1 Opengear | 1 Opengear | 2024-11-21 | N/A |
| Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | ||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | ||||