Search Results (85126 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20063 | 1 Symonics | 1 Libmysofa | 2024-11-21 | 8.8 High |
| hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | ||||
| CVE-2019-20061 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.5 High |
| The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password. | ||||
| CVE-2019-20060 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.5 High |
| MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. | ||||
| CVE-2019-20059 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732. | ||||
| CVE-2019-20048 | 1 Al-enterprise | 1 Omnivista 8770 | 2024-11-21 | 7.2 High |
| An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM. | ||||
| CVE-2019-20047 | 1 Al-enterprise | 2 Omnivista 4760, Omnivista 8770 | 2024-11-21 | 7.5 High |
| An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | ||||
| CVE-2019-20045 | 1 S3india | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 7.5 High |
| The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a different issue than CVE-2019-16879 and CVE-2019-20046. | ||||
| CVE-2019-20044 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-11-21 | 7.8 High |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | ||||
| CVE-2019-20030 | 1 Nec | 2 Um8000, Um8000 Firmware | 2024-11-21 | 7.8 High |
| An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. | ||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 8.8 High |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | ||||
| CVE-2019-20028 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 7.5 High |
| Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | ||||
| CVE-2019-20026 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2024-11-21 | 7.5 High |
| The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | ||||
| CVE-2019-20014 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | ||||
| CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | ||||
| CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | ||||
| CVE-2019-20006 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 7.5 High |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. | ||||
| CVE-2019-20004 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | ||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 7.8 High |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | ||||
| CVE-2019-20001 | 1 Ricoh | 2 Streamline Nx Client Tool, Streamline Nx Pc Client | 2024-11-21 | 7.8 High |
| An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | ||||
| CVE-2019-1999 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2024-11-21 | 7.8 High |
| In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196. | ||||