Export limit exceeded: 76185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19650 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | ||||
| CVE-2019-19648 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2024-11-21 | 7.8 High |
| In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. | ||||
| CVE-2019-19647 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | ||||
| CVE-2019-19643 | 1 Ise | 1 Smart Connect Knx Vaillant | 2024-11-21 | 7.5 High |
| ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. | ||||
| CVE-2019-19642 | 1 Supermicro | 3 X8sti-f, X8sti-f Bios, X8sti-f Firmware | 2024-11-21 | 8.8 High |
| On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. | ||||
| CVE-2019-19631 | 1 Bigswitch | 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director | 2024-11-21 | 8.8 High |
| An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation. | ||||
| CVE-2019-19630 | 3 Debian, Fedoraproject, Htmldoc Project | 3 Debian Linux, Fedora, Htmldoc | 2024-11-21 | 7.8 High |
| HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | ||||
| CVE-2019-19629 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | ||||
| CVE-2019-19614 | 1 Halvotec | 1 Raquest | 2024-11-21 | 7.5 High |
| An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed in Release 10.24.11206.1. | ||||
| CVE-2019-19611 | 1 Halvotec | 1 Raquest | 2024-11-21 | 7.5 High |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1 | ||||
| CVE-2019-19609 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.2 High |
| The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. | ||||
| CVE-2019-19604 | 4 Debian, Fedoraproject, Git-scm and 1 more | 4 Debian Linux, Fedora, Git and 1 more | 2024-11-21 | 7.8 High |
| Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | ||||
| CVE-2019-19603 | 6 Apache, Netapp, Oracle and 3 more | 7 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 4 more | 2024-11-21 | 7.5 High |
| SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | ||||
| CVE-2019-19601 | 1 Opendetex Project | 1 Opendetex | 2024-11-21 | 7.8 High |
| OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf. | ||||
| CVE-2019-19598 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-11-21 | 8.8 High |
| D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function. | ||||
| CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-11-21 | 8.8 High |
| D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | ||||
| CVE-2019-19590 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. | ||||
| CVE-2019-19588 | 1 Validators Project | 1 Validators | 2024-11-21 | 7.5 High |
| The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6. | ||||
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.8 High |
| An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | ||||
| CVE-2019-19583 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. | ||||