Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9166 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | ||||
| CVE-2019-9164 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | ||||
| CVE-2019-9162 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. | ||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2024-11-21 | 8.1 High |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | ||||
| CVE-2019-9139 | 1 Datools | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2019-9138 | 1 Datools | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2019-9137 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2019-9136 | 1 Datools | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2019-9135 | 1 Datools | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2019-9126 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | ||||
| CVE-2019-9122 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. | ||||
| CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | ||||
| CVE-2019-9102 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. | ||||
| CVE-2019-9101 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | ||||
| CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | ||||
| CVE-2019-9080 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 7.5 High |
| DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | ||||
| CVE-2019-9077 | 4 Canonical, F5, Gnu and 1 more | 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | ||||
| CVE-2019-9075 | 4 Canonical, F5, Gnu and 1 more | 18 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 15 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | ||||
| CVE-2019-9070 | 4 Canonical, F5, Gnu and 1 more | 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. | ||||
| CVE-2019-9061 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 8.8 High |
| An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. | ||||