Export limit exceeded: 10098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10098 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8122 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution. | ||||
| CVE-2019-8119 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution. | ||||
| CVE-2019-8114 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. | ||||
| CVE-2019-8111 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | ||||
| CVE-2019-8110 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | ||||
| CVE-2019-8109 | 1 Magento | 1 Magento | 2024-11-21 | 8.0 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. | ||||
| CVE-2019-8091 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | ||||
| CVE-2019-7964 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. | ||||
| CVE-2019-7942 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | ||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | ||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | ||||
| CVE-2019-7896 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update. | ||||
| CVE-2019-7895 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. | ||||
| CVE-2019-7892 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | ||||
| CVE-2019-7885 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | ||||
| CVE-2019-7876 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. | ||||
| CVE-2019-7842 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-11-21 | N/A |
| Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2024-11-21 | 7.5 High |
| A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | ||||
| CVE-2019-7731 | 1 Mywebsql | 1 Mywebsql | 2024-11-21 | N/A |
| MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | ||||
| CVE-2019-7489 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | ||||