Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2024-11-21 | 8.2 High |
| Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | ||||
| CVE-2019-16553 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | ||||
| CVE-2019-16551 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | ||||
| CVE-2019-16550 | 1 Jenkins | 1 Maven | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents. | ||||
| CVE-2019-16549 | 1 Jenkins | 1 Maven | 2024-11-21 | 8.1 High |
| Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | ||||
| CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | ||||
| CVE-2019-16544 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2024-11-21 | 8.8 High |
| Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16538 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 8.8 High |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-16531 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 8.8 High |
| LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | ||||
| CVE-2019-16530 | 1 Sonatype | 2 Nexus Iq Server, Nexus Repository Manager | 2024-11-21 | 7.2 High |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | ||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2024-11-21 | 7.5 High |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | ||||
| CVE-2019-16519 | 1 Eset | 3 Cyber Security, Endpoint Antivirus, Endpoint Security | 2024-11-21 | 7.8 High |
| ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. | ||||
| CVE-2019-16514 | 1 Connectwise | 1 Control | 2024-11-21 | 7.2 High |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. | ||||
| CVE-2019-16513 | 1 Connectwise | 1 Control | 2024-11-21 | 8.8 High |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. | ||||
| CVE-2019-16510 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 High |
| libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. | ||||
| CVE-2019-16508 | 1 Google | 1 Chrome Os | 2024-11-21 | 7.8 High |
| The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate. | ||||
| CVE-2019-16471 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 7.8 High |
| Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2019-16470 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 7.8 High |
| Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2019-16469 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-16468 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||