Search Results (361133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12208 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | ||||
| CVE-2019-12207 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | ||||
| CVE-2019-12206 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | ||||
| CVE-2019-12205 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.1 Medium |
| SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | ||||
| CVE-2019-12204 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 9.8 Critical |
| In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | ||||
| CVE-2019-12203 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.3 Medium |
| SilverStripe through 4.3.3 allows session fixation in the "change password" form. | ||||
| CVE-2019-12198 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | N/A |
| In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. | ||||
| CVE-2019-12196 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | ||||
| CVE-2019-12195 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | N/A |
| TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | ||||
| CVE-2019-12193 | 1 H3c | 1 H3cloud Os | 2024-11-21 | N/A |
| H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | ||||
| CVE-2019-12190 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | ||||
| CVE-2019-12189 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | ||||
| CVE-2019-12186 | 1 Sylius | 2 Grid, Sylius | 2024-11-21 | 4.8 Medium |
| An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object. | ||||
| CVE-2019-12185 | 1 Elabftw | 1 Elabftw | 2024-11-21 | N/A |
| eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | ||||
| CVE-2019-12184 | 1 Boostio | 1 Boostnote | 2024-11-21 | N/A |
| There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136. | ||||
| CVE-2019-12183 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-11-21 | 7.5 High |
| Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. | ||||
| CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-11-21 | 9.8 Critical |
| Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | ||||
| CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | ||||
| CVE-2019-12180 | 1 Smartbear | 2 Readyapi, Soapui | 2024-11-21 | 7.8 High |
| An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. | ||||
| CVE-2019-12177 | 1 Htc | 1 Viveport | 2024-11-21 | N/A |
| Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking. | ||||