Export limit exceeded: 79150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.8 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | ||||
| CVE-2019-14717 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | ||||
| CVE-2019-14712 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | ||||
| CVE-2019-14711 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.0 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | ||||
| CVE-2019-14692 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. | ||||
| CVE-2019-14691 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | ||||
| CVE-2019-14690 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | ||||
| CVE-2019-14688 | 2 Microsoft, Trendmicro | 9 Windows, Control Manager, Endpoint Sensor and 6 more | 2024-11-21 | 7.0 High |
| Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. | ||||
| CVE-2019-14666 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.8 High |
| GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. | ||||
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | ||||
| CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
| Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | ||||
| CVE-2019-14613 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 7.8 High |
| Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14610 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-11-21 | 7.8 High |
| Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14608 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-11-21 | 7.8 High |
| Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14605 | 1 Intel | 1 Setup And Configuration Software Platform Discovery Utility | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. | ||||
| CVE-2019-14603 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14601 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2024-11-21 | 7.8 High |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14586 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 8.0 High |
| Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | ||||