Search Results (8761 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1000005 | 1 Mpdf Project | 1 Mpdf | 2024-11-21 | N/A |
| mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in arbitrary code execution, file write, etc. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content `<img src="phar://path/to/crafted/image">`. This vulnerability appears to have been fixed in 7.1.8. | ||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | ||||
| CVE-2019-0936 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734. | ||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0741 | 1 Microsoft | 1 Java Software Development Kit | 2024-11-21 | N/A |
| An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. | ||||
| CVE-2019-0574 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. | ||||
| CVE-2019-0572 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. | ||||
| CVE-2019-0381 | 1 Sap | 3 Dynamic Tier, Sap Iq, Sql Anywhere | 2024-11-21 | 5.5 Medium |
| A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | ||||
| CVE-2019-0380 | 1 Sap | 1 Landscape Management | 2024-11-21 | 4.9 Medium |
| Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | ||||
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | ||||
| CVE-2019-0202 | 1 Apache | 1 Storm | 2024-11-21 | N/A |
| The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | ||||
| CVE-2019-0195 | 1 Apache | 1 Tapestry | 2024-11-21 | 9.8 Critical |
| Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component. | ||||
| CVE-2019-0192 | 3 Apache, Netapp, Redhat | 3 Solr, Storage Automation Store, Jboss Fuse | 2024-11-21 | N/A |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | ||||
| CVE-2019-0189 | 1 Apache | 1 Ofbiz | 2024-11-21 | 9.8 Critical |
| The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload". Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16. | ||||
| CVE-2019-0187 | 1 Apache | 1 Jmeter | 2024-11-21 | N/A |
| Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes, so upgrade to JMeter 5.1 is also advised. | ||||
| CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.3 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.3 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0179 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 4.4 Medium |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0178 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 3.6 Low |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | ||||