Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2146 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16753 | 2 Decentralized Anonymous Payment System Project, Pivx | 2 Decentralized Anonymous Payment System, Private Instant Verified Transactions | 2024-11-21 | 7.5 High |
| An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0. | ||||
| CVE-2019-16732 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 8.1 High |
| Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | ||||
| CVE-2019-16517 | 1 Connectwise | 1 Control | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. | ||||
| CVE-2019-16398 | 1 Keeper | 2 K5, K5 Firmware | 2024-11-21 | 6.8 Medium |
| On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. | ||||
| CVE-2019-16275 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2024-11-21 | 6.5 Medium |
| hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | ||||
| CVE-2019-16237 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-11-21 | 7.5 High |
| Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | ||||
| CVE-2019-16235 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-11-21 | 7.5 High |
| Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | ||||
| CVE-2019-16007 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7.1 High |
| A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application. | ||||
| CVE-2019-16000 | 1 Cisco | 1 Umbrella Roaming Client | 2024-11-21 | 4.4 Medium |
| A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications. | ||||
| CVE-2019-15971 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | ||||
| CVE-2019-15796 | 3 Canonical, Debian, Ubuntu | 3 Ubuntu Linux, Python-apt, Python-apt | 2024-11-21 | 4.7 Medium |
| Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | ||||
| CVE-2019-15613 | 2 Nextcloud, Opensuse | 2 Nextcloud Server, Backports | 2024-11-21 | 8.0 High |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | ||||
| CVE-2019-15545 | 1 Libp2p | 1 Libp2p | 2024-11-21 | N/A |
| An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. | ||||
| CVE-2019-15224 | 1 Rest-client Project | 1 Rest-client | 2024-11-21 | N/A |
| The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. | ||||
| CVE-2019-15162 | 2 Opengroup, Tcpdump | 2 Unix, Libpcap | 2024-11-21 | 5.3 Medium |
| rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. | ||||
| CVE-2019-15020 | 1 Zingbox | 1 Inspector | 2024-11-21 | 9.8 Critical |
| A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. | ||||
| CVE-2019-14859 | 2 Python-ecdsa Project, Redhat | 6 Python-ecdsa, Ceph Storage, Openstack and 3 more | 2024-11-21 | 9.1 Critical |
| A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. | ||||
| CVE-2019-13740 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2019-13664 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-13483 | 1 Auth0 | 1 Passport-sharepoint | 2024-11-21 | N/A |
| Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. | ||||