Export limit exceeded: 74905 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74905 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19272 | 1 Proftpd | 1 Proftpd | 2024-11-21 | 7.5 High |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | ||||
| CVE-2019-19271 | 1 Proftpd | 1 Proftpd | 2024-11-21 | 7.5 High |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | ||||
| CVE-2019-19270 | 2 Fedoraproject, Proftpd | 2 Fedora, Proftpd | 2024-11-21 | 7.5 High |
| An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | ||||
| CVE-2019-19264 | 1 Simplifile | 1 Recordfusion | 2024-11-21 | 7.5 High |
| In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI. | ||||
| CVE-2019-19261 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | ||||
| CVE-2019-19252 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | ||||
| CVE-2019-19248 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | ||||
| CVE-2019-19247 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | ||||
| CVE-2019-19246 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.5 High |
| Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||||
| CVE-2019-19244 | 4 Canonical, Oracle, Siemens and 1 more | 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more | 2024-11-21 | 7.5 High |
| sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | ||||
| CVE-2019-19241 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. | ||||
| CVE-2019-19235 | 2 Asus, Microsoft | 2 Atk Package, Windows 10 | 2024-11-21 | 7.0 High |
| AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name. | ||||
| CVE-2019-19234 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash | ||||
| CVE-2019-19232 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions | ||||
| CVE-2019-19231 | 2 Broadcom, Microsoft | 2 Ca Client Automation, Windows | 2024-11-21 | 7.3 High |
| An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. | ||||
| CVE-2019-19226 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | ||||
| CVE-2019-19225 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | ||||
| CVE-2019-19224 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | ||||
| CVE-2019-19223 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | ||||
| CVE-2019-19220 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). | ||||