Export limit exceeded: 332381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 332381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15728 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. | ||||
| CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. | ||||
| CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | ||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-11-21 | 8.0 High |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | ||||
| CVE-2019-15715 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 7.2 High |
| MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | ||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 7.2 High |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | ||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | ||||
| CVE-2019-15710 | 1 Fortiguard | 2 Fortiextender, Fortiextender Firmware | 2024-11-21 | 7.2 High |
| An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. | ||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 High |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | ||||
| CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 High |
| An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. | ||||
| CVE-2019-15702 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. | ||||
| CVE-2019-15695 | 3 Opensuse, Redhat, Tigervnc | 3 Leap, Enterprise Linux, Tigervnc | 2024-11-21 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15694 | 3 Opensuse, Redhat, Tigervnc | 3 Leap, Enterprise Linux, Tigervnc | 2024-11-21 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15693 | 2 Redhat, Tigervnc | 2 Enterprise Linux, Tigervnc | 2024-11-21 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15692 | 3 Opensuse, Redhat, Tigervnc | 3 Leap, Enterprise Linux, Tigervnc | 2024-11-21 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15691 | 3 Opensuse, Redhat, Tigervnc | 3 Leap, Enterprise Linux, Tigervnc | 2024-11-21 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15682 | 1 Rdesktop | 1 Rdesktop | 2024-11-21 | 7.5 High |
| RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 | ||||
| CVE-2019-15681 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 7.5 High |
| LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | ||||
| CVE-2019-15680 | 1 Tightvnc | 1 Tightvnc | 2024-11-21 | 7.5 High |
| TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-15665 | 1 Killernetworking | 1 Killer Control Center | 2024-11-21 | 7.2 High |
| An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | ||||