Export limit exceeded: 79272 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.4 High |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | ||||
| CVE-2019-16208 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.5 High |
| Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | ||||
| CVE-2019-16207 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.8 High |
| Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | ||||
| CVE-2019-16205 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 8.8 High |
| A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | ||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 High |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | ||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 High |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | ||||
| CVE-2019-16201 | 3 Debian, Redhat, Ruby-lang | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 7.5 High |
| WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | ||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2024-11-21 | 7.5 High |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | ||||
| CVE-2019-16188 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 7.1 High |
| HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. | ||||
| CVE-2019-16187 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 7.5 High |
| Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | ||||
| CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 7.2 High |
| In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | ||||
| CVE-2019-16185 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 7.2 High |
| In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | ||||
| CVE-2019-16177 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 7.5 High |
| In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | ||||
| CVE-2019-16174 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 8.8 High |
| An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | ||||
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.1 High |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | ||||
| CVE-2019-16163 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | ||||
| CVE-2019-16162 | 1 K-takata | 1 Onigmo | 2024-11-21 | 7.5 High |
| Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. | ||||
| CVE-2019-16161 | 1 K-takata | 1 Onigmo | 2024-11-21 | 7.5 High |
| Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | ||||
| CVE-2019-16160 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 High |
| An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | ||||
| CVE-2019-16159 | 4 Debian, Fedoraproject, Nic and 1 more | 4 Debian Linux, Fedora, Bird and 1 more | 2024-11-21 | 7.5 High |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | ||||