Search Results (74758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16731 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 7.5 High |
| The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | ||||
| CVE-2019-16729 | 3 Canonical, Debian, Pam-python Project | 3 Ubuntu Linux, Debian Linux, Pam-python | 2024-11-21 | 7.8 High |
| pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | ||||
| CVE-2019-16720 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 High |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | ||||
| CVE-2019-16718 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | ||||
| CVE-2019-16714 | 3 Canonical, F5, Linux | 3 Ubuntu Linux, Traffix Signaling Delivery Controller, Linux Kernel | 2024-11-21 | 7.5 High |
| In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | ||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2024-11-21 | 8.8 High |
| kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php. | ||||
| CVE-2019-16701 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | ||||
| CVE-2019-16682 | 1 Url Redirect Project | 1 Url Redirect | 2024-11-21 | 7.3 High |
| The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection. | ||||
| CVE-2019-16675 | 1 Phoenixcontact | 3 Config\+, Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | ||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | ||||
| CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 8.8 High |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | ||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | ||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | ||||
| CVE-2019-16655 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 7.5 High |
| joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | ||||
| CVE-2019-16653 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 8.8 High |
| An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. | ||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 7.2 High |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2019-16647 | 2 Maxthon, Microsoft | 2 Maxthon Browser, Windows | 2024-11-21 | 7.2 High |
| Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. | ||||
| CVE-2019-16645 | 1 Embedthis | 1 Goahead | 2024-11-21 | 8.6 High |
| An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. | ||||
| CVE-2019-16575 | 1 Jenkins | 1 Alauda Kubernetes Support | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | ||||