Export limit exceeded: 347994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25203 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25203 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-11-21 | 9.8 Critical |
| In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | ||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 5.3 Medium |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | ||||
| CVE-2019-12086 | 3 Debian, Fasterxml, Redhat | 12 Debian Linux, Jackson-databind, Amq Streams and 9 more | 2024-11-21 | 7.5 High |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. | ||||
| CVE-2019-11998 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2024-11-21 | 5.5 Medium |
| HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product. | ||||
| CVE-2019-11991 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | N/A |
| HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays. | ||||
| CVE-2019-11980 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11968 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11967 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11884 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 3.3 Low |
| The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | ||||
| CVE-2019-11857 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 9.1 Critical |
| Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. | ||||
| CVE-2019-11833 | 5 Canonical, Debian, Fedoraproject and 2 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-11-21 | 5.5 Medium |
| fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. | ||||
| CVE-2019-11832 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
| TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | ||||
| CVE-2019-11781 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.8 High |
| Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. | ||||
| CVE-2019-11749 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | ||||
| CVE-2019-11743 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-11-21 | 3.7 Low |
| Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
| CVE-2019-11728 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 4.7 Medium |
| The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11716 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11714 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11698 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-11-21 | N/A |
| If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||||
| CVE-2019-11697 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. | ||||