Export limit exceeded: 347858 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79593 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79593 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20360 | 1 Givewp | 1 Givewp | 2024-11-21 | 7.5 High |
| A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data. | ||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2024-11-21 | 7.8 High |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | ||||
| CVE-2019-20357 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus \+ Security 2019, Antivirus \+ Security 2020 and 6 more | 2024-11-21 | 7.8 High |
| A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. | ||||
| CVE-2019-20352 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 7.1 High |
| In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. | ||||
| CVE-2019-20337 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 7.2 High |
| In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | ||||
| CVE-2019-20329 | 1 Openlambda Project | 1 Openlambda | 2024-11-21 | 8.1 High |
| OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. | ||||
| CVE-2019-20327 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.8 High |
| Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.) | ||||
| CVE-2019-20326 | 3 Debian, Gnome, Linuxmint | 3 Debian Linux, Gthumb, Pix | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | ||||
| CVE-2019-20224 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 8.8 High |
| netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742. | ||||
| CVE-2019-20219 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | ||||
| CVE-2019-20218 | 5 Canonical, Debian, Oracle and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql Workbench and 2 more | 2024-11-21 | 7.5 High |
| selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | ||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-11-21 | 7.5 High |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | ||||
| CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2024-11-21 | 7.5 High |
| The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | ||||
| CVE-2019-20197 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | ||||
| CVE-2019-20191 | 1 Sync | 3 Oxygen Xml Author, Oxygen Xml Developer, Oxygen Xml Editor | 2024-11-21 | 7.5 High |
| Oxygen XML Editor 21.1.1 allows XXE to read any file. | ||||
| CVE-2019-20184 | 1 Keepass | 1 Keepass | 2024-11-21 | 7.8 High |
| KeePass 2.4.1 allows CSV injection in the title field of a CSV export. | ||||
| CVE-2019-20183 | 1 Employee Records System Project | 1 Employee Records System | 2024-11-21 | 7.2 High |
| uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | ||||
| CVE-2019-20179 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 8.8 High |
| SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | ||||
| CVE-2019-20176 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2024-11-21 | 7.5 High |
| In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | ||||
| CVE-2019-20175 | 1 Qemu | 1 Qemu | 2024-11-21 | 7.5 High |
| An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. | ||||