Export limit exceeded: 363248 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 85484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2024-11-21 | 7.8 High |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14812 | 3 Artifex, Fedoraproject, Redhat | 4 Ghostscript, Fedora, 3scale Amp and 1 more | 2024-11-21 | 7.8 High |
| A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 7 Ghostscript, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14806 | 2 Opensuse, Palletsprojects | 2 Leap, Werkzeug | 2024-11-21 | 7.5 High |
| Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | ||||
| CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 8.8 High |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | ||||
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 8.8 High |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | ||||
| CVE-2019-14767 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 7.5 High |
| In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | ||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 8.8 High |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | ||||
| CVE-2019-14753 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gpnt00000 and 1 more | 2024-11-21 | 7.5 High |
| SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | ||||
| CVE-2019-14745 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | ||||
| CVE-2019-14744 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 7.8 High |
| In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | ||||
| CVE-2019-14737 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 7.8 High |
| Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. | ||||
| CVE-2019-14734 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | ||||
| CVE-2019-14733 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. | ||||
| CVE-2019-14732 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. | ||||
| CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 High |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | ||||
| CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.8 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | ||||
| CVE-2019-14717 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | ||||
| CVE-2019-14712 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | ||||
| CVE-2019-14711 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.0 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | ||||